DevSecOps

A collection of 55 posts

Pipeline Integrity and Security in DevSecOps

Pipeline Integrity and Security in DevSecOps

Last episode of C.J. May's series on implementing a DevSecOps program: how to harden your software delivery pipelines to maintain robust security measures.

Secure-by-Design Software in DevSecOps

Secure-by-Design Software in DevSecOps

In this new series, CJ May shares his expertise in implementing secure-by-design software processes. The second part of his DevSecOps program is all about implementing secure-by-design software pipelines.

Vulnerability Management Lifecycle in DevSecOps

Vulnerability Management Lifecycle in DevSecOps

In this new series, CJ May shares his expertise in implementing secure-by-design software processes that empower engineering teams. The first stage of his DevSecOps program: vulnerability management.

Pulumi VS Terraform: The Definitive Guide to Choosing Your IaC Tool

Pulumi VS Terraform: The Definitive Guide to Choosing Your IaC Tool

Tiexin Guo Senior DevOps Consultant, Amazon Web Services Author | 4th Coffee In the cloud-native era, Infrastructure as Code (IaC; read more about it in this blog here) has become the de-facto standard for managing cloud infrastructure, and more. While Terraform has been around for

Secure Your Secrets with .env

Secure Your Secrets with .env

Using environment variables to store secrets instead of writing them directly into your code is one of the quickest and easiest ways to add a layer of protection to your projects.

Dynamic Application Security Testing: Benefits, Pitfalls, and Top Open-Source Solutions

Dynamic Application Security Testing: Benefits, Pitfalls, and Top Open-Source Solutions

In code security, not everything is "shift left." Dynamic testing is as important to help developers build and ship secure applications on the right-hand side of the SDLC. Let's explore the benefits, pitfalls, and popular open-source DAST tools in this blog post from the Escape team.

arrow-down