{"id":11910,"date":"2019-02-20T14:54:45","date_gmt":"2019-02-20T13:54:45","guid":{"rendered":"https:\/\/www.devon.nl\/?page_id=11910"},"modified":"2025-07-02T10:17:12","modified_gmt":"2025-07-02T08:17:12","slug":"what-is-devsecops","status":"publish","type":"page","link":"https:\/\/old.devon.nl\/en\/what-is-devsecops\/","title":{"rendered":"What is DevSecOps"},"content":{"rendered":"
[mk_page_section bg_image=”https:\/\/old.devon.nl\/wp-content\/uploads\/2018\/01\/shutterstock_610258601.jpg” bg_position=”center center” bg_stretch=”true” video_color_mask=”#000000″ min_height=”250″ js_vertical_centered=”true” sidebar=”sidebar-1″][vc_column][mk_fancy_title tag_name=”h1″ color=”#ffffff” size=”50″ force_font_size=”true” size_smallscreen=”40″ size_tablet=”30″ size_phone=”30″ margin_bottom=”0″ font_family=”none” align=”center”]What is DevSecops?[\/mk_fancy_title][\/vc_column][\/mk_page_section][mk_page_section][vc_column width=”2\/3″][mk_padding_divider size=”30″][mk_fancy_title color=”#ff5000″ size=”30″ force_font_size=”true” size_smallscreen=”20″ size_tablet=”20″ size_phone=”20″ txt_transform=”uppercase” margin_bottom=”0″ font_family=”none” responsive_align=”left”]What is DevSecOps?[\/mk_fancy_title][vc_column_text css=”.vc_custom_1551789285522{margin-bottom: 0px !important;}”]We know the goal of DevOps<\/a><\/strong>: is to bridge Development and Operations for a faster time-to-market and rapid customer satisfaction and feedback. The goal of DevSecOps is to bridge the security gap between both Development and Operations for more secure and faster software delivery. In many DevOps implementations and practices, security often ends up being the late comer, delaying the process of release and thus impeding all the benefits of DevOps and Agile software development.<\/p>\n

\u201cEveryone is responsible for security\u201d aims at bringing the idea that security is not only the responsibility of the security team. Security is the responsibility of everyone that is involved in building and managing software and IT systems. This includes: developers, line managers, business analysts, product owners, IT managers, portfolio managers, testers, quality assurance professionals, UX specialists and database administrators.[\/vc_column_text][mk_fancy_title margin_bottom=”0″ font_family=”none”]\n

Podcast: Why do we need DevSecOps?<\/h2>\n[\/mk_fancy_title][vc_raw_html]JTNDaWZyYW1lJTIwc3JjJTNEJTIyaHR0cHMlM0ElMkYlMkZvcGVuLnNwb3RpZnkuY29tJTJGZW1iZWQtcG9kY2FzdCUyRmVwaXNvZGUlMkY2bG1yMFdKTmlPN0VwMVhBalgxVlpiJTIyJTIwd2lkdGglM0QlMjIxMDAlMjUlMjIlMjBoZWlnaHQlM0QlMjIyMzIlMjIlMjBmcmFtZWJvcmRlciUzRCUyMjAlMjIlMjBhbGxvd3RyYW5zcGFyZW5jeSUzRCUyMnRydWUlMjIlMjBhbGxvdyUzRCUyMmVuY3J5cHRlZC1tZWRpYSUyMiUzRSUzQyUyRmlmcmFtZSUzRQ==[\/vc_raw_html][\/vc_column][vc_column width=”1\/3″][mk_padding_divider size=”30″][mk_image src=”https:\/\/old.devon.nl\/wp-content\/uploads\/2021\/06\/336×2800.png” image_size=”full” link=”https:\/\/old.devon.nl\/en\/high-performing-devops-enterprises-book\/”][mk_fancy_title tag_name=”span” color=”#ff5000″ size=”25″ force_font_size=”true” size_smallscreen=”20″ size_tablet=”20″ size_phone=”20″ margin_top=”10″ margin_bottom=”0″ font_family=”none” responsive_align=”left” el_class=”#case-study”]Case Study – Implementing security into DevOps<\/a>[\/mk_fancy_title][mk_image src=”https:\/\/old.devon.nl\/wp-content\/uploads\/2019\/01\/case-study-devsecops-1.png” image_width=”221″ image_height=”300″ link=”#case” align=”center”][\/vc_column][\/mk_page_section][mk_page_section bg_color=”#e0e0e0″ sidebar=”sidebar-1″][vc_column][mk_padding_divider size=”20″][mk_fancy_title tag_name=”span” color=”#000000″ size=”20″ font_weight=”300″ margin_bottom=”0″ font_family=”none” align=”center”]\n
\n
\n
\n
\n

“The purpose and intent of DevSecOps is to build on the mindset that \u201ceveryone is responsible for security\u201d with the goal of safely distributing security decisions at speed and scale to those who hold the highest level of context without sacrificing the safety required”<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n[\/mk_fancy_title][mk_fancy_title tag_name=”span” color=”#000000″ size=”25″ font_weight=”300″ font_family=”none” align=”right”]\n

\n
\n
\n
\n

– devsecops.org –\u00a0<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n[\/mk_fancy_title][\/vc_column][\/mk_page_section][mk_page_section][vc_column][mk_fancy_title color=”#ff5000″ size=”30″ force_font_size=”true” size_smallscreen=”20″ size_tablet=”20″ size_phone=”20″ txt_transform=”uppercase” margin_bottom=”0″ font_family=”none” responsive_align=”left”]The benefits of DevSecOps[\/mk_fancy_title][vc_row_inner][vc_column_inner][mk_fancy_title tag_name=”h3″ color=”#498fab” size=”20″ force_font_size=”true” size_smallscreen=”16″ size_tablet=”16″ size_phone=”16″ margin_top=”10″ margin_bottom=”0″ font_family=”none” responsive_align=”left”]#1 Improved quality and security[\/mk_fancy_title][vc_column_text css=”.vc_custom_1551110336424{margin-bottom: 0px !important;}”]Improved collaboration between security and DevOps teams so that the quality and security of the software increases exponentially<\/strong>. With DevSecOps, vulnerabilities in code and design are identified very early in the software development lifecycle. Moreover, IT operations plan the infrastructure needs with security software development frameworks, hardened services, containers, and virtual machine images. All whilst keeping the desired state configuration and infrastructure as code in mind. New development methods like \u201cCompliance as Code\u201d express security and compliance requirements in the form of version controlled human readable code. This enhances audit trails, and aids in quick and repeatable security tests against the hardened infrastructure.[\/vc_column_text][\/vc_column_inner][vc_column_inner width=”1\/3″][mk_fancy_title tag_name=”h3″ color=”#498fab” size=”20″ force_font_size=”true” size_smallscreen=”16″ size_tablet=”16″ size_phone=”16″ margin_top=”10″ margin_bottom=”0″ font_family=”none” responsive_align=”left”]#2 Baked-in security[\/mk_fancy_title][vc_column_text css=”.vc_custom_1551192298251{margin-bottom: 0px !important;}”]The most important win in a DevSecOps implementation is that security is baked into the entire software development and IT processes much earlier<\/strong>. Opposed to being bolted on after the software developed and deployed.[\/vc_column_text][\/vc_column_inner][vc_column_inner width=”1\/3″][mk_fancy_title tag_name=”h3″ color=”#498fab” size=”20″ force_font_size=”true” size_smallscreen=”16″ size_tablet=”16″ size_phone=”16″ margin_top=”10″ margin_bottom=”0″ font_family=”none” responsive_align=”left”]#3 Faster software delivery[\/mk_fancy_title][vc_column_text css=”.vc_custom_1551110011026{margin-bottom: 0px !important;}”]Because vulnerabilities are identified at an earlier stage, DevSecOps can also help to speed up software deliveries. We have seen multiple organizations where DevSecOps initiatives resulted in faster time-to-market\u00a0because security and compliance requirements were no longer slowing down the software delivery speeds (see case study).[\/vc_column_text][\/vc_column_inner][vc_column_inner width=”1\/3″][mk_fancy_title tag_name=”h3″ color=”#498fab” size=”20″ force_font_size=”true” size_smallscreen=”16″ size_tablet=”16″ size_phone=”16″ margin_top=”10″ margin_bottom=”0″ font_family=”none” responsive_align=”left”]#4 People are more involved[\/mk_fancy_title][vc_column_text css=”.vc_custom_1551099606890{margin-bottom: 0px !important;}”]Because security is baked into the development process, ownership of security lies with everyone involved in DevOps so people feel more accountable.<\/p>\n

Security becomes a continuous process and continuous thought and rarely gets off of peoples radar.[\/vc_column_text][\/vc_column_inner][\/vc_row_inner][\/vc_column][\/mk_page_section][mk_page_section][vc_column width=”2\/3″][mk_fancy_title color=”#ff5000″ size=”30″ force_font_size=”true” size_smallscreen=”20″ size_tablet=”20″ size_phone=”20″ txt_transform=”uppercase” margin_bottom=”0″ font_family=”none” responsive_align=”left”]How to start with DevSecOps?[\/mk_fancy_title][vc_column_text css=”.vc_custom_1550671007752{margin-bottom: 0px !important;}”]Now we know the answer to \u201cWhat is DevSecOps\u201d and \u201cWhat are its benefits\u201d, we can go to the next step: How do you start?[\/vc_column_text][vc_column_text css=”.vc_custom_1551108228976{margin-bottom: 0px !important;}”]1) Identify your organizations’ security posture and assess <\/strong>what kind of tools, practices are in place to ensure security. Identify the areas where security does not adequately catch up with the speed of business delivery and does not cater to the needs of business (due to traditional security practices and tools).<\/p>\n

2) Start with a small pilot<\/strong> DevSecOps initiative with one Business Unit or Software Delivery Team which has faced security challenges and that could take advantage of the DevSecOps benefits.<\/p>\n

3)<\/strong> Train your workforce<\/strong> such that the Business Analysts and Product Owners know what security risks they are up against. But also that developers and operations know how to secure by design and how to respond in case of a security incident.<\/p>\n

4)<\/strong> Leverage the state of the art security tooling<\/strong> to bring security closer to developers and into their well-known build systems. Always remember to stay focused and bring security in earlier into the software development lifecycle. But also to take advantage of techniques like Agile Threat Modelling. This helps you to focus on security testing efforts and to identify technical security requirements right before you start coding.<\/p>\n

5) Bring in automated scanning techniques<\/strong> to reject build check-ins if the software contains vulnerable versions of open source software libraries and third-party components.[\/vc_column_text][\/vc_column][vc_column width=”1\/3″][mk_fancy_title tag_name=”span” color=”#ff5000″ size=”25″ force_font_size=”true” size_smallscreen=”20″ size_tablet=”20″ size_phone=”20″ margin_bottom=”0″ font_family=”none” responsive_align=”left”]<\/a>Download the case study[\/mk_fancy_title][mk_image src=”https:\/\/old.devon.nl\/wp-content\/uploads\/2019\/01\/case-study-devsecops-1.png” image_width=”221″ image_height=”300″ align=”center”][vc_raw_html css=””]JTNDc2NyaXB0JTIwY2hhcnNldCUzRCUyMnV0Zi04JTIyJTIwdHlwZSUzRCUyMnRleHQlMkZqYXZhc2NyaXB0JTIyJTIwc3JjJTNEJTIyJTJGJTJGanMuaHNmb3Jtcy5uZXQlMkZmb3JtcyUyRmVtYmVkJTJGdjIuanMlMjIlM0UlM0MlMkZzY3JpcHQlM0UlMEElM0NzY3JpcHQlM0UlMEElMjAlMjBoYnNwdC5mb3Jtcy5jcmVhdGUlMjglN0IlMEElMjAlMjAlMjAlMjByZWdpb24lM0ElMjAlMjJuYTElMjIlMkMlMEElMjAlMjAlMjAlMjBwb3J0YWxJZCUzQSUyMCUyMjIwMjM5NzgyJTIyJTJDJTBBJTIwJTIwJTIwJTIwZm9ybUlkJTNBJTIwJTIyZGFiYTdiZTctM2YwMC00MTIzLWJkOTUtYzI4NWZmZGRhNGFhJTIyJTBBJTIwJTIwJTdEJTI5JTNCJTBBJTNDJTJGc2NyaXB0JTNF[\/vc_raw_html][\/vc_column][\/mk_page_section][mk_page_section][vc_column][mk_fancy_title color=”#ff5000″ size=”30″ force_font_size=”true” size_smallscreen=”20″ size_tablet=”20″ size_phone=”20″ txt_transform=”uppercase” margin_bottom=”0″ font_family=”none” responsive_align=”left”]Our DevSecOps services[\/mk_fancy_title][vc_column_text css=”.vc_custom_1718960555240{margin-bottom: 0px !important;}”]DevOn helps organizations to radically improve their software development. We help them to reap the benefits of DevSecOps through\u00a0consultancy<\/a><\/strong>\u00a0and\u00a0training<\/a>\u00a0<\/strong>so\u00a0they can\u00a0stay ahead of their competitors.<\/p>\n

Having trouble finding enough experienced developers who can help you with software development? DevOn\u00a0can also help your organization with this by offering AI Powered High-Performance Teams<\/a><\/strong>. If you would like to know more, please\u00a0contact us<\/a><\/strong>![\/vc_column_text][\/vc_column][\/mk_page_section][mk_page_section bg_color=”#e0e0e0″ sidebar=”sidebar-1″][vc_column width=”2\/3″][mk_padding_divider size=”30″][mk_fancy_title color=”#000000″ size=”20″ font_weight=”300″ txt_transform=”uppercase” margin_bottom=”0″ font_family=”none” align=”center”]Curious how you could put DevSecOps into practice? Follow one of our training courses<\/strong><\/a>![\/mk_fancy_title][\/vc_column][vc_column width=”1\/3″][mk_padding_divider size=”20″][mk_button dimension=”flat” corner_style=”rounded” size=”medium” url=”https:\/\/old.devon.nl\/en\/training-courses\/” align=”center” margin_top=”10″]All training courses[\/mk_button][\/vc_column][\/mk_page_section]\n<\/div>","protected":false},"excerpt":{"rendered":"

[mk_page_section bg_image=”https:\/\/old.devon.nl\/wp-content\/uploads\/2018\/01\/shutterstock_610258601.jpg” bg_position=”center center” bg_stretch=”true” video_color_mask=”#000000″ min_height=”250″ js_vertical_centered=”true” sidebar=”sidebar-1″][vc_column][mk_fancy_title tag_name=”h1″ color=”#ffffff” size=”50″ force_font_size=”true” size_smallscreen=”40″ size_tablet=”30″ size_phone=”30″ margin_bottom=”0″ font_family=”none” align=”center”]What is DevSecops?[\/mk_fancy_title][\/vc_column][\/mk_page_section][mk_page_section][vc_column width=”2\/3″][mk_padding_divider size=”30″][mk_fancy_title color=”#ff5000″ size=”30″ force_font_size=”true” size_smallscreen=”20″ size_tablet=”20″ size_phone=”20″ txt_transform=”uppercase” margin_bottom=”0″ font_family=”none” responsive_align=”left”]What is DevSecOps?[\/mk_fancy_title][vc_column_text css=”.vc_custom_1551789285522{margin-bottom: 0px !important;}”]We know the goal of DevOps: is to bridge Development and Operations for a faster time-to-market and rapid […]<\/p>\n","protected":false},"author":15,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"class_list":["post-11910","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"\nWhat is DevSecOps - DevOn<\/title>\n<meta name=\"description\" content=\"From Code to Cloud\u2014Securely.Discover how DevOn helps teams integrate automated security into every step of the SDLC.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Case study: DevSecOps\" \/>\n<meta property=\"og:description\" content=\"Download the free DevSecOps case study: "Implementing Security into DevOps" op https:\/\/old.devon.nl\/en\/what-is-devsecops\" \/>\n<meta property=\"og:url\" content=\"https:\/\/old.devon.nl\/en\/what-is-devsecops\/\" \/>\n<meta property=\"og:site_name\" content=\"DevOn\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-02T08:17:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/old.devon.nl\/wp-content\/uploads\/2019\/03\/case-study-graph.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Case study: DevSecOps\" \/>\n<meta name=\"twitter:description\" content=\"Download the free DevSecOps case study: "Implementing Security into DevOps" op https:\/\/old.devon.nl\/en\/what-is-devsecops\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/old.devon.nl\/wp-content\/uploads\/2019\/03\/case-study-graph.png\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/old.devon.nl\/en\/what-is-devsecops\/\",\"url\":\"https:\/\/old.devon.nl\/en\/what-is-devsecops\/\",\"name\":\"What is DevSecOps - DevOn\",\"isPartOf\":{\"@id\":\"https:\/\/old.devon.nl\/#website\"},\"datePublished\":\"2019-02-20T13:54:45+00:00\",\"dateModified\":\"2025-07-02T08:17:12+00:00\",\"description\":\"From Code to Cloud\u2014Securely.Discover how DevOn helps teams integrate automated security into every step of the SDLC.\",\"breadcrumb\":{\"@id\":\"https:\/\/old.devon.nl\/en\/what-is-devsecops\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/old.devon.nl\/en\/what-is-devsecops\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/old.devon.nl\/en\/what-is-devsecops\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/old.devon.nl\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What is DevSecOps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/old.devon.nl\/#website\",\"url\":\"https:\/\/old.devon.nl\/\",\"name\":\"DevOn\",\"description\":\"Transforming organizations to disruptive digital enterprises.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/old.devon.nl\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What is DevSecOps - DevOn","description":"From Code to Cloud\u2014Securely.Discover how DevOn helps teams integrate automated security into every step of the SDLC.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Case study: DevSecOps","og_description":"Download the free DevSecOps case study: \"Implementing Security into DevOps\" op https:\/\/old.devon.nl\/en\/what-is-devsecops","og_url":"https:\/\/old.devon.nl\/en\/what-is-devsecops\/","og_site_name":"DevOn","article_modified_time":"2025-07-02T08:17:12+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/old.devon.nl\/wp-content\/uploads\/2019\/03\/case-study-graph.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_title":"Case study: DevSecOps","twitter_description":"Download the free DevSecOps case study: \"Implementing Security into DevOps\" op https:\/\/old.devon.nl\/en\/what-is-devsecops","twitter_image":"https:\/\/old.devon.nl\/wp-content\/uploads\/2019\/03\/case-study-graph.png","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/old.devon.nl\/en\/what-is-devsecops\/","url":"https:\/\/old.devon.nl\/en\/what-is-devsecops\/","name":"What is DevSecOps - DevOn","isPartOf":{"@id":"https:\/\/old.devon.nl\/#website"},"datePublished":"2019-02-20T13:54:45+00:00","dateModified":"2025-07-02T08:17:12+00:00","description":"From Code to Cloud\u2014Securely.Discover how DevOn helps teams integrate automated security into every step of the SDLC.","breadcrumb":{"@id":"https:\/\/old.devon.nl\/en\/what-is-devsecops\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/old.devon.nl\/en\/what-is-devsecops\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/old.devon.nl\/en\/what-is-devsecops\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/old.devon.nl\/en\/"},{"@type":"ListItem","position":2,"name":"What is DevSecOps"}]},{"@type":"WebSite","@id":"https:\/\/old.devon.nl\/#website","url":"https:\/\/old.devon.nl\/","name":"DevOn","description":"Transforming organizations to disruptive digital enterprises.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/old.devon.nl\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/old.devon.nl\/en\/wp-json\/wp\/v2\/pages\/11910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/old.devon.nl\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/old.devon.nl\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/old.devon.nl\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/old.devon.nl\/en\/wp-json\/wp\/v2\/comments?post=11910"}],"version-history":[{"count":8,"href":"https:\/\/old.devon.nl\/en\/wp-json\/wp\/v2\/pages\/11910\/revisions"}],"predecessor-version":[{"id":27240,"href":"https:\/\/old.devon.nl\/en\/wp-json\/wp\/v2\/pages\/11910\/revisions\/27240"}],"wp:attachment":[{"href":"https:\/\/old.devon.nl\/en\/wp-json\/wp\/v2\/media?parent=11910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}