A DevSecOps approach will need to enable the following tools:
Unlike traditional DevOps practices, the main idea is to build security into every phase of application development, from design to production. Apart from secure coding practices, automated security testing, etc., DevSecOps teams will need a special skill set, such as improved team collaboration and shared responsibility for security among everyone involved.
Intensify your DevSecOps strategy with R&S®Trusted Application Factory
Security: The security layer is deployed as a micro-WAF within the application so that it can be scaled up or down at the same time as the application, in Kubernetes or Docker clusters. The security configuration resides close to the application code itself, keeping the security up to date and aligned with the version of the application.
Simplicity: The security solution, together with its context description, is integrated as a configuration file kept close to the application code and then implemented within the continuous integration/continuous deployment (CI/CD) pipeline using already existing tools, which simplifies collaboration. The same tools, languages and concepts are therefore used throughout. This results in increased security and fewer false positives.
Visibility: It provides visibility to the various stakeholders: development and security teams. R&S Trusted Application Factory tracks the application from design through to execution in production, providing indicators on its security throughout its life cycle.