• DevSecOps compared to DevOps
• DevSecOps fundamentals
• Is DevSecOps right for you?

GitLab: The DevSecOps platform

DevSecOps is a combination of development, security, and operations. It is an approach to software development that integrates security throughout the development lifecycle.

DevSecOps compared to DevOps

DevOps combines development and operations, with the intent to increase the efficiency, speed, and security of software development and delivery.

DevOps means working together to conceive, build, and deliver secure software at top speed. DevOps practices include automation, collaboration, fast feedback, and iterative improvement.

DevSecOps is an evolution of DevOps. DevSecOps includes application security practices in every stage of software development.

Throughout the development process, tools and methods protect and monitor your live applications. New attack surfaces, like containers and orchestrators, must also be monitored and protected. DevSecOps tools automate security workflows to create an adaptable process for your development and security teams, improving collaboration and breaking down silos. By embedding security into the software development lifecycle, you can consistently secure fast-moving and iterative processes, improving efficiency without sacrificing quality.

DevSecOps fundamentals

DevSecOps fundamentals include:

• Automation
• Collaboration
• Policy guardrails
• Visibility

For details, see this article about DevSecOps.

Is DevSecOps right for you?

If your organization is facing any of the following challenges, a DevSecOps approach might be for you.

• Development, security, and operations teams are siloed.
  If development and operations are isolated from security issues, they can’t build secure software. And if security teams aren’t part of the development process, they can’t identify risks proactively. DevSecOps brings teams together to improve workflows and share ideas. Organizations might even see improved employee morale and retention.

• Long development cycles are making it difficult to meet customer or stakeholder demands.
  One reason for the struggle could be security. DevSecOps implements security at every step of the development lifecycle, meaning that solid security doesn’t require the whole process to come to a halt.

• You’re migrating to the cloud (or considering it).
  Moving to the cloud often means bringing on new development processes, tools, and systems. It’s a great time to make processes faster and more secure — and DevSecOps could make that a lot easier.

To get started with DevSecOps, learn more, and try GitLab Ultimate for free.