The importance of integrating DevOps and security

In this article, we learn about the importance of integrating DevOps and security. Let's explore this further.

DevOps and security

You can’t leave security out of your DevOps workflow, because the cost of a data breach is significantly high.

At the same time, the overhead that security adds to your delivery process can be tremendous.

DevSecOps

A solution to consider is DevSecOps. DevSecOps is the practice of thinking about application and infrastructure security from the start. It also means automating some security gates to keep the DevOps workflow from slowing down.

As your code moves from build, through QA and into production, the cost of fixing security issues becomes significantly higher. In production, fixing a security breach means addressing the issue in your Dev environment by recreating the security breach scenarios and then testing the fix all the way through to production.

One of the biggest concerns here is that you may not always have all the relevant infrastructure to create those scenarios in your Dev environment.

Integrating Security with Your Build Pipeline

Common security breach scenarios may include:

  • Using open-source code that potentially has malware scripts in the package.
  • Using an out-of-date package that onboards legacy ‘dead hair’ into your code.

To address the potential security breaches in these two scenarios, you can use quality packages that are offered on a subscription basis, or have a process in place that identifies when packages are out of date and informs you of available updates.
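One way to automate the second option as a build gate, as an added example that is not part of the original article or of any vendor's tooling: a Python script that runs after the NuGet restore step, reads the JSON report from `dotnet list package --outdated --format json`, and fails the build when a package is a major version behind. The report shape, the sample data and the major-version policy are assumptions.

```python
import json
import sys

# Constructed sample in the shape of `dotnet list package --outdated --format json`
# output (the shape is an assumption; check it against your SDK's real report).
SAMPLE_REPORT = """
{"version": 1, "projects": [{"path": "src/Web/Web.csproj", "frameworks": [
  {"framework": "net6.0", "topLevelPackages": [
    {"id": "Example.Json", "resolvedVersion": "11.0.2", "latestVersion": "13.0.1"},
    {"id": "Example.Logging", "resolvedVersion": "2.10.0", "latestVersion": "2.12.0"},
    {"id": "Example.Cache", "resolvedVersion": "4.1.0", "latestVersion": "4.1.0"}
  ]}]}]}
"""

def major(version):
    """Leading numeric component of a version string, or None if unparseable."""
    head = version.split(".")[0]
    return int(head) if head.isdigit() else None

def evaluate(report_text):
    """Return (blocking, warnings) lists of (project, package, current, latest)."""
    blocking, warnings = [], []
    for project in json.loads(report_text).get("projects", []):
        for fw in project.get("frameworks", []):
            for pkg in fw.get("topLevelPackages", []):
                cur, new = pkg.get("resolvedVersion"), pkg.get("latestVersion")
                if not cur or not new or cur == new:
                    continue  # up to date, or no newer version reported
                finding = (project.get("path", "?"), pkg["id"], cur, new)
                cur_major, new_major = major(cur), major(new)
                # Hypothetical policy: major version behind, or unparseable, blocks.
                if cur_major is None or new_major is None or new_major > cur_major:
                    blocking.append(finding)
                else:
                    warnings.append(finding)
    return blocking, warnings

def gate(report_text):
    """Print findings and return the exit code for the pipeline step."""
    blocking, warnings = evaluate(report_text)
    for label, items in (("WARN ", warnings), ("BLOCK", blocking)):
        for path, pkg, cur, new in items:
            print(f"{label} {path}: {pkg} {cur} -> {new}")
    return 1 if blocking else 0

if __name__ == "__main__":
    # Usage: python gate.py report.json  (falls back to the constructed sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(text))
```

A non-zero exit code stops the pipeline step, so minor and patch updates surface as warnings while major-version gaps hold the build until someone reviews them.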

WhiteSource

WhiteSource is an example of an open-source security and license compliance management platform.

You can add the WhiteSource extensions to your build pipeline. To do so, you will have to get the WhiteSource Bolt and WhiteSource extensions from the Marketplace.

Using the WhiteSource extensions does not require any specific configuration. You will, however, have to place the extensions after your NuGet package restore step so that they can see the packages they need to identify.

You also need to register on the Windows website for the alerting mechanism that creates a dashboard and sends alerts when a package might go out of date.

This article is from the free online

Microsoft Future Ready: Continuous Integration Implementation

Created by
FutureLearn - Learning For Life
