The importance of integrating DevOps and security

In this article, we learn about the importance of integrating DevOps and security. Let's explore this further.

DevOps and security

You cannot leave security out of your DevOps workflow, because the cost of a data breach is very high.

At the same time, the overhead that security adds to your delivery process can be tremendous.

DevSecOps

A solution to consider is DevSecOps. DevSecOps is the practice of thinking about application and infrastructure security from the start. It also means automating some security gates to keep the DevOps workflow from slowing down.

As your code moves from build, through QA and into production, the cost of fixing security issues rises significantly. In production, fixing a security breach means addressing the issue in your Dev environment by recreating the breach scenario and then testing the fix all the way through to production.

One of the biggest concerns here is that you may not always have all the relevant infrastructure to create those scenarios in your Dev environment.

Integrating Security with Your Build Pipeline

Common security breach scenarios may include:

  • Using open-source code that potentially has malware scripts in the package.
  • Using an out-of-date package that onboards legacy ‘dead hair’ into your code.

To address these two scenarios, you can use quality packages that are available on a subscription basis, or put a process in place that identifies when packages are out of date and informs you of available updates.

WhiteSource

WhiteSource is an example of an open-source security and license compliance management platform.

You can add the WhiteSource extensions to your build pipeline. To do so, you will have to get the WhiteSource Bolt and WhiteSource extensions from Marketplace.

Using the WhiteSource extensions does not require any specific configuration. You will, however, have to place the extensions after your NuGet package restore step so that they can get the packages they need to identify.

You also need to register on the Windows website for the alerting mechanism that creates a dashboard and sends alerts when a package might go out of date.
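The process described above for identifying out-of-date packages can also run as an automated gate after the NuGet restore step. The following is an added example, not part of the original course material and not WhiteSource code: it assumes the report layout printed by `dotnet list package --outdated --format json`, and the package names and the block-on-major-lag policy are hypothetical.

```python
import json
# Constructed sample. Field names are assumed to follow the JSON printed by
# `dotnet list package --outdated --format json`; the package data is made up.
SAMPLE_REPORT = """
{"version": 1, "parameters": "--outdated", "projects": [
  {"path": "src/Shop.Web/Shop.Web.csproj", "frameworks": [
    {"framework": "net8.0", "topLevelPackages": [
      {"id": "Example.Json", "resolvedVersion": "11.0.2", "latestVersion": "13.0.3"},
      {"id": "Example.Logging", "resolvedVersion": "3.1.0", "latestVersion": "3.4.1"},
      {"id": "Example.Internal", "resolvedVersion": "1.0.0",
       "latestVersion": "Not found at the sources"}
    ]}
  ]}
]}
"""

def parse_version(text):
    """Numeric part of a version as a tuple, or None if it is not a version."""
    core = text.split("-")[0].split("+")[0]  # drop pre-release and build suffixes
    try:
        return tuple(int(part) for part in core.split("."))
    except ValueError:
        return None

def outdated_packages(report):
    """List (project, package id, resolved, latest, major versions behind)."""
    findings = []
    for project in report.get("projects", []):
        for framework in project.get("frameworks", []):
            for pkg in framework.get("topLevelPackages", []):
                resolved = parse_version(pkg.get("resolvedVersion", ""))
                latest = parse_version(pkg.get("latestVersion", ""))
                if resolved and latest and latest > resolved:
                    findings.append((project["path"], pkg["id"], pkg["resolvedVersion"],
                                     pkg["latestVersion"], latest[0] - resolved[0]))
    return findings

def gate(findings, max_major_lag=0):
    """Hypothetical policy: block on major-version lag, only warn otherwise."""
    blocking = [f for f in findings if f[4] > max_major_lag]
    warnings = [f for f in findings if f[4] <= max_major_lag]
    return (1 if blocking else 0), blocking, warnings

if __name__ == "__main__":
    code, blocking, warnings = gate(outdated_packages(json.loads(SAMPLE_REPORT)))
    for tag, rows in (("BLOCK", blocking), ("WARN", warnings)):
        for row in rows:
            print(tag, "%s: %s %s -> %s" % row[:4])
    raise SystemExit(code)
```

Returning a non-zero exit code only for the blocking findings lets the pipeline stop on serious lag while minor updates surface as warnings, which keeps the gate from slowing every build.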

This article is from the free online

Microsoft Future Ready: Continuous Integration Implementation

Created by
FutureLearn - Learning For Life
