DevSecOps

Introduction

With the rise of containerized applications came a new term: DevOps, or DevSecOps.

So what is DevOps?

Basically, the developer should also build and operate the infrastructure their code runs on.

And DevSecOps?

We need security, so DevOps practices are adapted for security as well. Devs should also be responsible for securing their infrastructure.

What are the goals?

The main goal of DevOps practices is to shorten the SDLC (Systems Development Life Cycle). Basically, ship code into production faster.

Problems

DevSecOps is not a person

DevSecOps covers a whole lot of topics. Too much for a single person to handle.

I've noticed a theme with security teams: they take a while to adapt. In the days before the Internet, security was not a priority because it was never a serious concern. These teams were established only when internet adoption began to spread, and they were incorporated into the early waterfall processes because it was how infrastructure teams and development teams collaborated.

Developers aren't Security or Infrastructure Experts

One of