Learn how to implement continuous security throughout your entire software development and delivery pipeline. With this hands-on book, developers, SREs, tech leads, and security engineers will learn how to combine their security process with their DevOps culture. You'll gain a thorough understanding of the best DevSecOps practices, from the construction of safer container images to the hardening of orchestrators to methods for securing your cloud environment.

Michelle Ribeiro, CEO of SPIRITSEC, shows you how to introduce security into DevOps culture, methodologies, and tools. You'll learn how to take advantage of contrasting security and DevOps cultures to build an effective DevSecOps program. By following coded examples, you'll also explore the four Cs of the cloud-native security model: code, container, cloud, and cluster security.

  • Get a review of the current threat environment to learn why security is becoming part of the DevOps movement
  • Build an effective DevSecOps program by bridging the gap between the InfoSec and DevOps cultures
  • Integrate security into the rapid-release cycles typical of modern software application development and delivery
  • Secure your code, containers, clusters, and the cloud
  • Avoid common DevSecOps mistakes by looking at case studies from Netflix, Facebook, and HSBC

Table of Contents

    1. Introducing DevSecOps
      1. The Three Faces of DevSecOps
      2. Introducing Security into DevOps Culture
      3. Securing DevOps Methodologies
      4. Securing DevOps Tools
      5. Why Adopt DevSecOps?
      6. Common Misconceptions About DevSecOps
      7. Summary
    2. Bridging the InfoSec and DevOps Cultures
      1. Accelerate: Capabilities to Drive Continuous Security
      2. Value Stream
      3. Collaboration
      4. Shift Left
      5. Empowered Teams
      6. Test Automation
      7. Working in Small Batches
      8. Team Experimentation
      9. Visualizing Work and Proactive Notifications
      10. Monitoring
      11. Summary