DevOps - , , , , . DevOps , , , DevOps — (CI/CD), (IaC), AIOps, .
, DevOps, , «DevOps» , . DevQaOps, ShiftLeft , .
, , . , DevSecOps.
, DevSecOps .
DevOps , C (CAB). , , -, , . , , , , ( , - , . ).
DevOps, . State Of DevOps 2019 ( ), DORA Google Cloud, 43% , , . , .
infosec :
- , ;
- CI/CD;
- , .
, . , , .
,
infosec , , . State of DevOps, Puppet, CircleCI Splunk, infosec:
- .
- .
- .
, . infosec , , , , , .
infosec.
OWASP, :
- , , , , .
- -.
- , , , «» , , .
- , .
, infosec . , , .
, , , AWS, Azure, Google Cloud
CI/CD
— CI/CD, . , CI/CD:
- (SAST), SonarQube, Veracode, Sentinel Source Checkmarx . , SonarQube ( ), , , . Veracode , 11 , , 5% . Checkmarx 20+ , PCI-DSS, HIPAA, FISMA . IDE CI/CD. SAST , CodeWarrior NodeJsScan. OWASP 20 , , .
- , , . GitLab Secure SAST , , Java, JavaScript, PHP, Python, Ruby, Scala Go. OWASP Dependency Check Jenkins, CircleCI SonarQube. Snyk, , . Microsoft Application Inspector, , 400 , .
- , , , (SDLC). OWASP ZAP (Zed Attack Proxy) CI/CD, Jenkins . All Day DevOps Simon Bennetts, ZAP, : « , . ZAP !»
- DevOps, , . Jenkins Azure DevOps 40 , CircleCI 20. Microsoft Azure , AWS — DevSecOps CodePipeline. , DevOps , infosec .
- — CI/CD. , CircleCI, Jenkins .
AIOps
DevSecOps, , . DevSecOps , , IoT. , , , IoT — .
, , , . , , — . , , .
AIOps, DevOps . , — , .
AIOps , . , , , . , .
infosec AIOps. , , , DevOps, .
, , , , , . , , DevOps, .
: CI/CD «CI/CD Gitlab CI». 3 2020 .