A DEVSECOPS PLAYBOOK
This playbook summarizes how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps. To accommodate a shift to this new approach, security teams need to keep the following in mind:
- Determine the current code promotion and QA processes in place at your organization and decide where security team members can best integrate into the code development and promotion life cycle.
- Work with business unit leaders to understand their goals as they relate to rapid development, and learn how operations and security teams can better work with programmers throughout the software development life cycle.
- Evaluate operations collaboration with development currently, and see where the major gaps are related to communication and ongoing management and maintenance.
- Learn more about DevOps and major automation frameworks like Puppet and Chef.