Those working in the developer and DevOps space have invariably heard of DevSecOps and, at the very least, know how it plays a critical role in the software delivery pipeline.
But every organization is different and the tools and mechanisms for software delivery very accordingly. And once you throw into the mix the hundreds of different CI/CD tools available today, as well as the challenges associated with more-modern platforms, such as container and microservices deployments, the challenges of security and DevSecOps become that much more dauting — and in many cases, confusing.
“A lot of people don’t really know what [DevSecOps] entails. Not so much that they don’t understand the concept — they get DevOps and they know how to implement it — but I think folks are still a little skittish about DevSecOps and how to implement it,” Sonya Koptyev, director of product marketing and evangelism for Twistlock, said.