Lead Image © Aleksey Mnogosmyslov, 123RF.com

DevSecOps with DefectDojo

The Early Bird

Article from ADMIN 80/2024
The DefectDojo vulnerability management tool helps development teams and admins identify, track, and fix vulnerabilities early in the software development process.

DevOps has been an integral part of software development in most organizations for years. The term encompasses various practices and tools and a kind of cultural philosophy that are intended to help automate and interlink processes between the development department and IT teams. From DevOps mechanisms, a further development has emerged in recent years: DevSecOps, DevOps plus security. In more detail, it means that security needs to play a role in every phase of the software development process: from the initial design through integration, testing, and deployment to delivery.

The principle of moving tasks – security in this case – forward as far as you can in a process chain is also known as the shift-left approach. In terms of containers, shift left means taking security aspects into account as early as the container construction stage. This approach makes sense; after all, fixing incidents in production environments often involves massive amounts of money, and discovering errors at the outset of the development process is typically far less costly. Many tools have become established on the market in the shift-left and DevSecOps environment in recent years. DefectDojo [1] is one of these tools, and it is free.

DefectDojo

DefectDojo was originally developed by Rackspace but is now open source. The community is working hard on the further development of the software, with more than 350 contributors and more than 2,500 GitHub Stars. New features are released quite frequently; according to the GitHub page, an update is made approximately every two weeks. The tool integrates with a wide range of existing security tools, including security scanners, issue trackers, and reporting tools, and displays their information in a centralized and easy-to-understand way.

A special feature is its ability to automate the process of running

...