DevSecOps was developed to increase increase security features and reduce security defects in the design, implementation, deployment and maintenance of software. DevSecOps builds upon DevOps by increasing the importance of safe practices sooner within the software development lifecycle. Through DevOps, critical customer demands can be met sooner and trust ensured quicker when security contraints are considered earlier in the software creation process. The DevSecOps Playbook is a collection of processes, roles and tools that support migrating security to the left in the Software Supply Chain.
DevSecOps is a collection of functions that require coordination and alignment to support building secure software, scalable detection and immediate response. To support this capability, a Playbook provides the guidance necessary and eventually migrates to automated support. We consider this an evolutionary document which is being translated into code. The embodiment of this project is to provide actionable guidance within the structure of the development lifecycle, options considered and then a means for automating activities in order to uplevel and mature the process of creating safer software sooner. Automation will be derived from manual practices and matured along the way to leverage machine triggered responses.
Like everything, we're approaching writing this playbook as if it will continue to evolve while we learn. In other words, it is intended to being a living document that will constantly change. We decided to open source it to bring passionate people and experiences together to be shared. We hope that you find this book useful as we continue to develop it.