How DevOps evolved into DevSecOps: Embracing security in software development

The journey from DevOps to DevSecOps signifies a shift towards valuing security more prominently in how you create and maintain code, highlighting its increased importance within your software development and operations ...
DevSecOps maturity model: A beginner’s guide

In recent years, DevSecOps swiftly emerged as a crucial new paradigm in software development, prioritizing the integration of security into DevOps practices ...
What goes great with SLSA? Sonatype.

In our previous blog post, we delved into the critical role of SLSA in bolstering software supply chain security. Shifting the focus, this post centers on the seamless compatibility between SLSA and ...
How can SLSA help secure your software supply chain?

The best software development teams are constantly looking for ways to secure their software supply chains, ensuring the authenticity and quality of open source software components they consume. Just as food products ...
DevSecOps: A beginner's guide

Creating software can be at equal times challenging and rewarding. Developers face the unrelenting demand to deliver feature-rich applications and value to their users and customers. Open source components, which comprise up ...
Getting started with the Secure Software Development Framework (SSDF)

In today’s software-driven world, it’s crucial to ensure the security of software during development. Yet many software development life cycle (SDLC) models lack specific emphasis on software security, requiring the addition of ...

Did You Try Turning It Off and On?

The chapter, "Did You Try Turning It Off and On?" is included in Epic Failures in DevSecOps, Volume 2, which is available for free download ...

Six Memorable Sessions with Government DevSecOps Leaders: What We Learned

The afternoon of May 6th made clear that the time for DevSecOps is now across the federal government. An audience of over 500 attendees across the public sector joined together online to ...

Myth Busting in DevSecOps

Larry Maccherone leads the DevSecOps efforts at Comcast. In this episode of DevSecOps: The Good, The Bad, and The Ugly, he busts some common DevSecOps myths and shares more about his DevSecOps ...

The World Bank Group’s Cloud Journey With DevSecOps

Editor's Note: We are hosting DevSecOps Leadership Forum virtual events. Register to hear directly from leaders in London and North America. In this post, we cover what William Zhang, Andy Gao, and ...