The foundation of DevSecOps lies in the DevOps movement, in which development and operations functions become more tightly coupled and collaborate more closely. DevOps tooling usually includes codifying every aspect of an application stack, version controlling all the code (GitOps), and automating the build and deployment process (CI/CD).
DevSecOps is when we embed security into each of those steps.
Modern development processes have sped up innovation. Traditional security can’t keep pace with DevOps unless there are fundamental changes in how security reviews are done. Security is still essential in agile development, and cloud security posture needs to be improved.
The solution is to “shift left” your cloud security efforts: that is, to bring security in an automated, scalable way earlier in the development process (planning, development, and build time). The result is higher patch rates with faster time-to-fix. With the “shift left” approach, development teams are happy because they’re making security fixes in their development cycle, and security teams are happy because security posture improves.
With cloud deployments, we have an opportunity to secure infrastructure from code to cloud. Securing infrastructure as code (IaC) templates at every stage of development gives production infrastructure the best possible chance of being secure and compliant. Bridgecrew is committed to making this as easy and seamless as possible with developer-friendly integrations and workflows.
The examples and sample code provided in this workshop are intended to be consumed as instructional content. These will help you understand how various services can be architected to build a solution while demonstrating best practices along the way. These examples, especially the intentionally vulnerable "TerraGoat" repository, are not intended for use in production environments.