Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/mictlantech/mictlantech

Config files for my GitHub profile.
https://github.com/mictlantech/mictlantech

config github-config

Last synced: 8 months ago
JSON representation

Config files for my GitHub profile.

Awesome Lists containing this project

README 

          
- šŸ‘‹ Hi, Iā€™m @MictlanTech

- šŸ‘€ Iā€™m interested in DevSecOps, Cloud Technologies, Virtualization, Infrastructure As Code

- šŸŒ± Iā€™m currently learning CybeSecurity

- šŸ’žļø Iā€™m looking to collaborate on Innovation projects

- šŸ“« How to reach me marianosotoh@gmail.com

- šŸ˜„ Pronouns: He, Him

- āš” Fun fact: Mictlantecutli

- šŸŒ Website: https://mictlan.cloud



# What is DevSecOps



**DevSecOps** stands for ***Development, Security, and Operations.*** It's an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle. The goal of DevSecOps is to bridge traditional gaps between IT and security while ensuring fast, safe delivery of code. In the DevSecOps model, security is integrated into every phase of the development process, rather than being added in at the end, which was often the case in traditional development practices.



![DevSecOps Infinite lifecycle with on Aztec stye](https://raw.githubusercontent.com/MictlanTech/MictlanTech/main/DevSecOps05.webp)



## Key aspects of DevSecOps:



**1. Integration of Security Practices:** Security measures and testing are integrated early in the development process. This can include practices such as automated security testing in the CI/CD pipeline, threat modeling, and code reviews with a security focus.



**2. Collaboration and Shared Responsibility:** DevSecOps promotes a culture where security is everyone's responsibility, not just the security team. Developers, operations, and security professionals collaborate closely to ensure that security considerations are integrated throughout the development, deployment, and maintenance processes.



**3. Automation:** DevSecOps heavily relies on automation to integrate security testing and compliance checks seamlessly into the development and deployment pipelines. This helps in identifying and addressing vulnerabilities early, reducing the risk of security issues in production.



**4. Continuous Security:** Just as continuous integration and continuous delivery (CI/CD) are core to DevOps, continuous security is a core aspect of DevSecOps. This means security is considered at every stage of software development and operations, with continuous monitoring and automation to detect and respond to security issues in real-time.



**5. Shift Left Security:** This concept refers to integrating security measures as early as possible in the development process ("shifting left" on the project timeline), which helps in identifying and mitigating security vulnerabilities much earlier, saving time and resources.



**6. Feedback Loops:** DevSecOps encourages quick feedback loops between the security, development, and operations teams. This helps in rapidly addressing security concerns and ensuring that security considerations are effectively communicated and understood across teams.



By integrating security into the DevOps process, organizations aim to reduce vulnerabilities, improve security posture, and ensure faster, safer software releases. DevSecOps represents an evolution of the DevOps philosophy, emphasizing that security is not just an add-on but an integral part of the entire software development and deployment lifecycle.