Having a monolithic CI/CD pipeline for both CI/CD and Security (SAST/DAST/SCA) is very common, however maintaining a single pipeline to take care of all security needs is becoming an anti-pattern. Security slows down CI/CD and creates friction between Sec & Dev needs. Creating completely separate/shadow/parallel pipeline for DevSecOps needs seems to be working very well for big enterprises.


RSAC 2023 brought together thousands of cybersecurity professionals for four incredible days of expert perspectives, groundbreaking innovation, and best practices. 

Implement ZeroTrust with Dedicated DevSecOps Pipeline

Conference: RSA Conference 2023

Authors: Kayra Otaner

Abstract

Post a comment

Related work

5 Open Source Security Tools All Developers Should Know About

Getting More “Sec” out of DevSecOps Pipelines

5 Open Source Security Tools All Developers Should Know About

Top 10 Challenges for DevSecOps

DevSecOps Playbook: A step-by-step guide to implementing a DevSecOps program