What is DevSecOps?
Integrating security practices into every stage of the DevOps pipeline.
DevSecOps extends DevOps by integrating security checks at every stage of the development pipeline rather than treating security as a final gate. 'Shift left' means catching vulnerabilities earlier (in the developer's IDE, during PR review, and in CI) rather than in production. Practices include SAST/DAST scanning, dependency auditing (Dependabot, Trivy), container image scanning, secret detection, and IaC security scanning (Checkov, tfsec).
More Security Terms
Falco
A runtime security tool that detects anomalous behavior in containers using eBPF/syscalls.
JWT (JSON Web Token)
A compact, self-contained token format for transmitting claims between parties.
mTLS (Mutual TLS)
Two-way TLS authentication where both client and server verify each other's certificates.
OAuth2
An authorization framework allowing third-party apps limited access to user accounts.
OIDC (OpenID Connect)
An identity layer on top of OAuth2 that provides user authentication.
OPA (Open Policy Agent)
A general-purpose policy engine for enforcing authorization decisions across the stack.