Global forward thinking IT leaders and practitioners urge that DevSecOps is more than just a cobbled-up term. Credible research by Synk.io and Gartner reveals that enabling DevSecOps helps introduce a lot of productivity gains and efficiencies in the modern "software engineering factory". - First, if developers take an observability-by-design approach, they can boost application performance and resulting user experience from the get-go. 
- Next, DevSecOps not only helps introduce Security testing in CI/CD but also helps embrace a shared responsibility mindset by spreading Security related responsibilities across developers, security architects, CISO organisation, and site reliability engineers. 
- Inherently, DevSecOps methodology based software quality gates can assist enterprises to contain and minimise costly production incidents that erode customer confidence. 
- In practical sense, DevSecOps introduce triple optimisation mechanism: 
1) enablement of a dev optimisation stage 
2) a host/app vulnerability scan gate for each change/release introduced via CI/CD process and 
3) a scientific release scoring mechanism in form of a software quality-check gate that allows only performant releases to be deployed to production. 
 The fun doesn’t stop here, the security gate helps detect Log4j vulnerability-like situations driven atop a continuous and automated all-encompassing full-stack observability agent. This helps shift left from a reactive SecOps-only approach to early risk detection, mitigation, and management.  

The talk aims to benefit developers, release train engineers, engineering management (VPs/CTO/Mgrs), SRE, Testers, CISO, platform engineers and other IT roles.

The key objective of the session is to showcase good practices surrounding DevSecOps and its step-by-step building blocks.

свернуть