Does your DevOps have no security problem?

These days, almost all companies want to try cloud transformation, microservices, open sources, etc. One of the trendy pieces of stuff is DevOps, even though it has been already more than 10 years!. (The concept of DevOps emerged out of a discussion between Andrew Clay and Patrick Debois in 2008.)

I don’t need a long speech for talking about how good the DevOps is, but we also need to consider whether my DevOps is secure enough. Before addressing security viewpoints, let’s talk about the DevOps 101 to know the basic pipeline stages.

Basic DevOps Pipeline Stages

The stage can be higher level like development → Build → Test → Deploy. In each stage, there are a lot of tools, human inputs, processes, and assets (code, file, data, etc.), which may bring high risks if we fail to manage well.

Now we can discuss whether or not your DevOps is truly considered for security.

Security Points in the pipeline

Do you have the controls to manage the credentials?