devsecops_terms.md

DevSecOps Terms

Method of software development that is characterized by
- Division of tasks into short phases of work - sprints of 2-3 weeks
- Frequent reassessment - testing: functional, security, user
- Adaptation of plans
An Overview of Agile Development by ForrestKnight
Agile Software Development by MIT Courseware

Devops is a set of practices that increases the speed of developing high quality software and operation services.
Derived from Agile methodology.
This is done through automation, collaboration, fast feedback, and iterative improvement.
What is DevOps? by GitLab
DevOps CI/CD Explained in 100 Seconds by Fireship

Continuous Integration - Team members integrate their work in a shared repository. Git commits. Basic testing.
Continuous Delivery - Deploying on a pre-production or staging environment and performing automated tests to ensure the build is ready for production/release.
Continuous Deployment (not common) - Automatically deploy the build to production.
What is CI/CD Pipeline? by School of Basics (See image in timestamp 8:40)

In traditional SDLC, the stages include Plan > Code > Build > Test > Deploy > Monitor, where Security comes during the 'Test' or 'Deploy' phase.
Shift left means conducting security testing sooner and more often in the software development phase, i.e. starting from the 'Code' phase and then in the 'Test' and 'Deploy' phases.
Security testing starts from the source - SAST, DAST, SCA
What is Shift Left Security by Fortinet
Shift Left Security: Meaning and Real World Usage by CoderDave

Analyze the source code (written by the dev team) of the product for vulnerabilities.
Manual or automated white box testing.
Automated tests may have false positives. Time consuming
Happens earlier in the SDLC.