{"id":61485,"date":"2023-04-20T20:25:38","date_gmt":"2023-04-20T20:25:38","guid":{"rendered":"https:\/\/www.azul.com\/?post_type=glossary&#038;p=61485"},"modified":"2024-06-04T15:22:13","modified_gmt":"2024-06-04T15:22:13","slug":"devsecops","status":"publish","type":"glossary","link":"https:\/\/www.azul.com\/ja\/glossary\/devsecops\/","title":{"rendered":"DevSecOps"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"what-is\">What is DevSecOps?<\/h2>\n\n\n\n<p>DevSecOps, (Development, Security, and Operations), is an approach to software development that integrates security practices into the DevOps process. The goal of DevSecOps is to ensure that security is an integral part of the software development life cycle, rather than an afterthought or a separate process.<\/p>\n\n\n\n\n\n<section    class=\"c-smart-content c-smart-content--color-dark c-smart-content--mt-default c-smart-content--mb-default c-smart-content--pt-default c-smart-content--pb-default c-smart-content--color-1 o-component o-component--color-dark o-component--mt-default o-component--mb-default o-component--pt-default o-component--pb-default\"\n\n            id=\"block_686fe82c82ff42d78bcac3b1739cb824\"\n    \n    >\n    \n    <div class=\"o-component__wrap\">\n                    <div class=\"o-container\">\n        \n\n    \n    <div class=\"c-smart-content__grid c-smart-content__grid--3-cols\">\n        \n<a    class=\"c-smart-content__grid-item o-card o-card--has-image o-card--text-dark\"\n\n    \n            href=\"https:\/\/www.azul.com\/report\/2023-state-of-java\/\"\n        target=\"_blank\"\n    >\n    \n            \n    <span class=\"o-card__image o-picture o-picture--card\">\n\n<picture>\n                        \n            \n            <source\n                media=\"(max-width: 425px)\"\n                srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/State-of-Java-2023-OG-Image.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=377&#038;s=7e635e0ec2138b69bf68e9d2ecdbecfc 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/State-of-Java-2023-OG-Image.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=754&#038;s=ee8ba64d380bd312a790655d71eeffb2 2x\"\n            >\n                    \n            \n            <source\n                media=\"(max-width: 767px)\"\n                srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/State-of-Java-2023-OG-Image.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=719&#038;s=d863a6a2eb7099039ec6e176fa7b48d4 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/State-of-Java-2023-OG-Image.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=1438&#038;s=d7617f75ecd38b30b18325ffc7be90cb 2x\"\n            >\n                    \n            \n            <source\n                media=\"(max-width: 1023px)\"\n                srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/State-of-Java-2023-OG-Image.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=309&#038;s=f35e6e13b260ab902a0f6a962645d44b 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/State-of-Java-2023-OG-Image.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=618&#038;s=1e5651b0a3ad480a4b559ccc7404d93b 2x\"\n            >\n                    \n            \n            <source\n                media=\"(max-width: 1440px)\"\n                srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/State-of-Java-2023-OG-Image.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=357&#038;s=c7f274d05496acdb542176c97f174065 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/State-of-Java-2023-OG-Image.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=714&#038;s=ca2bc6a8c1a4f1689f0b7df5bb8083cd 2x\"\n            >\n            \n    <img alt=\"SoJ - Template1 - 1200x630 - 1\" class=\"o-picture__image\" height=\"187\" loading=\"lazy\" onerror=\"this.onerror=null;this.srcset=&quot;https:\/\/www.azul.com\/wp-content\/uploads\/State-of-Java-2023-OG-Image.jpg&quot;;while(this.parentNode.getElementsByTagName(&quot;source&quot;).length){this.parentNode.getElementsByTagName(&quot;source&quot;)[0].remove();}\" onload=\"if (this.parentNode.previousElementSibling) this.parentNode.previousElementSibling.remove()\" srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/State-of-Java-2023-OG-Image.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=357&#038;s=c7f274d05496acdb542176c97f174065 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/State-of-Java-2023-OG-Image.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=714&#038;s=ca2bc6a8c1a4f1689f0b7df5bb8083cd 2x\" width=\"357\">\n<\/picture>\n\n\n    <\/span>\n    \n    <div class=\"o-card__content\">\n                    \n<div  class=\"o-card__text-overline o-overline o-overline--pill\"\n  style=\"--setting--overline-bg-color: #DCFEFF; --setting--overline-text-color: #035E5E;\">\n  Research &#038; White Papers<\/div>\n        \n                    \n<h3  class=\"o-card__text-headline o-headline o-headline--h5 s-medium\"\n    >\n  Azul State of Java Survey and Report 2023<\/h3>\n        \n        \n        \n                    <div class=\"o-card__button\">\n                \n<button  class=\"o-card__button-cta o-button o-button--navy-900 o-button--text o-button--next\"\n\n  \n  >\n  \n  \n  <span class=\"o-button__label\">Read Now<\/span>\n\n      \n<i\n  class=\"o-button__icon o-icon\"\n  >east<\/i>\n  \n  <\/button>\n            <\/div>\n            <\/div>\n<\/a>\n\n<a    class=\"c-smart-content__grid-item o-card o-card--id-1 o-card--has-image o-card--text-dark\"\n\n    \n            href=\"https:\/\/www.azul.com\/blog\/moving-security-into-the-jvm\/\"\n        target=\"_self\"\n    >\n    \n            \n    <span class=\"o-card__image o-picture o-picture--card\">\n\n<picture>\n                        \n            \n            <source\n                media=\"(max-width: 425px)\"\n                srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/11-2-security-jvm.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=377&#038;s=a5c0bdf835aa5d46541bfa78473dcdbf 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/11-2-security-jvm.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=754&#038;s=46cdbc6d951075aec3532755c813d77a 2x\"\n            >\n                    \n            \n            <source\n                media=\"(max-width: 767px)\"\n                srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/11-2-security-jvm.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=719&#038;s=936f0947aa7eb892445a34276012687c 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/11-2-security-jvm.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=1438&#038;s=3c8bb0c0df0fccd47fa6c0b6521c5a1b 2x\"\n            >\n                    \n            \n            <source\n                media=\"(max-width: 1023px)\"\n                srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/11-2-security-jvm.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=309&#038;s=3f536a764545d7e2e2ec62c367df4ede 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/11-2-security-jvm.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=618&#038;s=cbf10d7fd7b30d13ed7d8e3cd5a001a8 2x\"\n            >\n                    \n            \n            <source\n                media=\"(max-width: 1440px)\"\n                srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/11-2-security-jvm.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=357&#038;s=7de869d7c2bd51d7b1185c49b8caf870 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/11-2-security-jvm.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=714&#038;s=4c46c81824269c5acf7eb14391058c28 2x\"\n            >\n            \n    <img class=\"o-picture__image\" height=\"139\" loading=\"lazy\" onerror=\"this.onerror=null;this.srcset=&quot;https:\/\/www.azul.com\/wp-content\/uploads\/11-2-security-jvm.jpg&quot;;while(this.parentNode.getElementsByTagName(&quot;source&quot;).length){this.parentNode.getElementsByTagName(&quot;source&quot;)[0].remove();}\" onload=\"if (this.parentNode.previousElementSibling) this.parentNode.previousElementSibling.remove()\" srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/11-2-security-jvm.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=357&#038;s=7de869d7c2bd51d7b1185c49b8caf870 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/11-2-security-jvm.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=714&#038;s=4c46c81824269c5acf7eb14391058c28 2x\" width=\"357\">\n<\/picture>\n\n\n    <\/span>\n    \n    <div class=\"o-card__content\">\n                    \n<div  class=\"o-card__text-overline o-overline o-overline--pill\"\n  style=\"--setting--overline-bg-color: #FEEBFD; --setting--overline-text-color: #74299E;\">\n  Security<\/div>\n        \n                    \n<h3  class=\"o-card__text-headline o-headline o-headline--h5 s-medium\"\n    >\n  Moving Security into the JVM<\/h3>\n        \n                    <div class=\"o-card__text-subheadline s-wysiwyg o-card__text-subheadline--image\">\n                Erik Costlow \/ 11\u6708 2, 2022            <\/div>\n        \n        \n                    <div class=\"o-card__button\">\n                \n<button  class=\"o-card__button-cta o-button o-button--navy-900 o-button--text o-button--next\"\n\n  \n  >\n  \n  \n  <span class=\"o-button__label\">Read Now<\/span>\n\n      \n<i\n  class=\"o-button__icon o-icon\"\n  >east<\/i>\n  \n  <\/button>\n            <\/div>\n            <\/div>\n<\/a>\n\n<a    class=\"c-smart-content__grid-item o-card o-card--id-2 o-card--has-image o-card--text-dark\"\n\n    \n            href=\"https:\/\/www.azul.com\/dzone-report-secure-java-runtime-environment\/\"\n        target=\"_self\"\n    >\n    \n            \n    <span class=\"o-card__image o-picture o-picture--card\">\n\n<picture>\n                        \n            \n            <source\n                media=\"(max-width: 425px)\"\n                srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/Enterprise-Application-Security-Building-Secure-and-Resilient-Applications-min.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=377&#038;s=6723cb11f564aa9d0a690b116ba47d7a 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/Enterprise-Application-Security-Building-Secure-and-Resilient-Applications-min.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=754&#038;s=15b47f4b6de2f0be85dfb618c9f8a2c2 2x\"\n            >\n                    \n            \n            <source\n                media=\"(max-width: 767px)\"\n                srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/Enterprise-Application-Security-Building-Secure-and-Resilient-Applications-min.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=719&#038;s=10da51d3ddc8ee8e18f0a02d57ff0cc7 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/Enterprise-Application-Security-Building-Secure-and-Resilient-Applications-min.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=1438&#038;s=03e39eb4d9603e5ee72cce827fbfae66 2x\"\n            >\n                    \n            \n            <source\n                media=\"(max-width: 1023px)\"\n                srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/Enterprise-Application-Security-Building-Secure-and-Resilient-Applications-min.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=309&#038;s=c057e8377cda04d044f86b271cd132cb 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/Enterprise-Application-Security-Building-Secure-and-Resilient-Applications-min.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=618&#038;s=599857cabbeaf59f1dc4eb857ffa9401 2x\"\n            >\n                    \n            \n            <source\n                media=\"(max-width: 1440px)\"\n                srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/Enterprise-Application-Security-Building-Secure-and-Resilient-Applications-min.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=357&#038;s=e9537dd2d04d696ec3e6a42fa2139c7c 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/Enterprise-Application-Security-Building-Secure-and-Resilient-Applications-min.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=714&#038;s=3bf6d78939459d437b1c30d8fe4f4f85 2x\"\n            >\n            \n    <img alt=\"Enterprise Application Security - Building Secure and Resilient Applications-min\" class=\"o-picture__image\" height=\"274\" loading=\"lazy\" onerror=\"this.onerror=null;this.srcset=&quot;https:\/\/www.azul.com\/wp-content\/uploads\/Enterprise-Application-Security-Building-Secure-and-Resilient-Applications-min.jpg&quot;;while(this.parentNode.getElementsByTagName(&quot;source&quot;).length){this.parentNode.getElementsByTagName(&quot;source&quot;)[0].remove();}\" onload=\"if (this.parentNode.previousElementSibling) this.parentNode.previousElementSibling.remove()\" srcset=\"https:\/\/azul.imgix.net\/wp-content\/uploads\/Enterprise-Application-Security-Building-Secure-and-Resilient-Applications-min.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=357&#038;s=e9537dd2d04d696ec3e6a42fa2139c7c 1x, https:\/\/azul.imgix.net\/wp-content\/uploads\/Enterprise-Application-Security-Building-Secure-and-Resilient-Applications-min.jpg?auto=format&#038;crop=faces,entropy&#038;fit=crop&#038;q=80&#038;ar=1.91082802548&#038;w=714&#038;s=3bf6d78939459d437b1c30d8fe4f4f85 2x\" width=\"357\">\n<\/picture>\n\n\n    <\/span>\n    \n    <div class=\"o-card__content\">\n                    \n<div  class=\"o-card__text-overline o-overline o-overline--pill\"\n  style=\"--setting--overline-bg-color: #DCFEFF; --setting--overline-text-color: #035E5E;\">\n  Research &#038; White Papers<\/div>\n        \n                    \n<h3  class=\"o-card__text-headline o-headline o-headline--h5 s-medium\"\n    >\n  Enterprise Application Security:\u00a0Building Secure and Resilient Applications<\/h3>\n        \n        \n        \n                    <div class=\"o-card__button\">\n                \n<button  class=\"o-card__button-cta o-button o-button--navy-900 o-button--text o-button--next\"\n\n  \n  >\n  \n  \n  <span class=\"o-button__label\">Read Now<\/span>\n\n      \n<i\n  class=\"o-button__icon o-icon\"\n  >east<\/i>\n  \n  <\/button>\n            <\/div>\n            <\/div>\n<\/a>\n    <\/div>\n\n\n          <\/div>\n      <\/div>\n<\/section>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"when\">When should companies use DevSecOps?<\/h2>\n\n\n\n<p>In traditional software development, security is often viewed as a separate function that is handled by a separate team or group. If your company has siloed security as a separate function leading to security issues being discovered late in the development process, it can become costly to fix and can delay the release of the software.&nbsp;<\/p>\n\n\n\n<p>DevSecOps, on the other hand, emphasizes collaboration and communication between development, security, and operations teams. By integrating security practices into the development process, DevSecOps aims to identify and address security issues earlier in the development cycle, reducing the risk of security breaches and improving the overall security of the software.&nbsp;<\/p>\n\n\n\n<p>DevSecOps includes practices such as threat modeling, secure coding, continuous security testing, and automated security checks. These practices are integrated into the DevOps process, ensuring that security is considered at every stage of the software development life cycle.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"benefits\">What are the benefits of DevSecOps?<\/h2>\n\n\n\n<p>DevSecOps can help companies develop higher quality software more quickly with less risk.&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"1\">\n<li><strong>Improved security: <\/strong>DevSecOps integrates security into the development process from the beginning, rather than treating it as an afterthought. This helps to identify and fix security issues earlier in the development cycle, reducing the risk of vulnerabilities being introduced into the code.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><strong>Accelerated time-to-market:<\/strong> DevSecOps encourages teams to work together and collaborate more effectively, which can help to streamline the development process and reduce the time it takes to bring a product to market.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li><strong>Improved quality:<\/strong> By integrating security into the development process, DevSecOps can help to identify and address quality issues earlier, resulting in higher-quality software.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li><strong>Increased agility:<\/strong> DevSecOps encourages teams to be more agile and flexible, allowing them to respond more quickly to changing customer requirements and market conditions.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li><strong>Better collaboration:<\/strong> DevSecOps requires close collaboration between development, security, and operations teams, breaking down silos and encouraging more effective communication and cooperation.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"6\">\n<li><strong>Reduced risk taking:<\/strong> By integrating security into the development process and identifying vulnerabilities earlier, DevSecOps can help to reduce the risk of security breaches and other incidents that could have a negative impact on the business.&nbsp;<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"challenges\">What are the challenges associated with DevSecOps?&nbsp;<\/h2>\n\n\n\n<p>When integrating security into the software development process, with the goal of building more secure and resilient applications, there are various challenges that organizations face including:&nbsp;&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\" start=\"1\">\n<li><strong>Change management stubbornness: <\/strong>DevSecOps requires a cultural shift, where security is not an afterthought but rather a key part of the development process. This can be challenging, as developers may not be used to thinking about security, and security teams may not be accustomed to working closely with developers.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\">\n<li><strong>Resource constraints:<\/strong> DevSecOps requires personnel with both development and security expertise, which can be difficult to find. Organizations may need to invest in training or hiring additional staff to fill this gap.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"3\">\n<li><strong>Heavy tooling and automation burdens: <\/strong>DevSecOps relies heavily on tooling and automation to integrate security into the development process. However, many organizations may not have the necessary tools or expertise to implement automation effectively.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li><strong>Regulation: <\/strong>Many industries are subject to regulations and compliance requirements that impact software development, such as PCI-DSS or HIPAA. DevSecOps needs to ensure that these requirements are met, which can be challenging in a fast-paced development environment.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li><strong>Security slows down performance speed:<\/strong> DevSecOps aims to increase the speed of software development while maintaining security. However, there is a risk that security measures may slow down the development process, so finding the right balance between speed and security is crucial.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\" start=\"6\">\n<li><strong>Continuous improvement:<\/strong> DevSecOps is a continuous process that requires ongoing improvement and refinement. Organizations need to be willing to learn from mistakes, make changes, and adapt their processes to ensure they are continually improving their security posture.&nbsp;<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"architecture\">What does a DevSecOps architecture look like?<\/h2>\n\n\n\n<p>A DevSecOps architecture has several architectural components and practices. It involves using automation tools, integrating security testing into the CI\/CD pipeline, managing infrastructure through IaC, continuous monitoring, and collaboration between teams.&nbsp;<\/p>\n\n\n\n<p><strong>Automation tools:<\/strong> DevSecOps heavily relies on automation tools that are used to automatically test code, identify vulnerabilities, and manage the deployment of applications.&nbsp;<\/p>\n\n\n\n<p><strong>Continuous Integration and Deployment (CI\/CD) pipeline:<\/strong> DevSecOps requires a well-defined and automated CI\/CD pipeline to enable fast and reliable deployment of software. This pipeline includes various stages, such as building, testing, and deploying code.&nbsp;<\/p>\n\n\n\n<p><strong>Infrastructure as code: <\/strong>DevSecOps advocates for using Infrastructure as Code (IaC) to enable teams to manage infrastructure in a consistent and automated way, which reduces the risk of human errors and makes it easier to maintain security posture.&nbsp;<\/p>\n\n\n\n<p><strong>Security testing:<\/strong> DevSecOps includes various security testing practices, such as static analysis, dynamic analysis, and <a href=\"https:\/\/www.azul.com\/glossary\/penetration-testing\/\">penetration testing<\/a>. These tests are integrated into the CI\/CD pipeline and help identify vulnerabilities and ensure code is secure before deployment.\u00a0<\/p>\n\n\n\n<p><strong>Monitoring and logging:<\/strong> DevSecOps emphasizes continuous monitoring and logging of application and infrastructure components, which enables teams to identify and respond to security incidents in real-time.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"use-cases\">What use cases are best suited for DevSecOps?<\/h2>\n\n\n\n<p>While DevSecOps can be applied to any software development project that requires a high level of security and reliability, some of the best use cases include:&nbsp;<\/p>\n\n\n\n<p><strong>Cloud Security:<\/strong> DevSecOps can help organizations secure their cloud infrastructure by integrating security measures into the deployment pipeline and ensuring that security policies and procedures are followed throughout the development process.&nbsp;<\/p>\n\n\n\n<p><strong>Mobile Application Development:<\/strong> DevSecOps can be used to ensure that security is integrated into the development of mobile applications, which are increasingly becoming a target for cyber attackers.&nbsp;<\/p>\n\n\n\n<p><strong>Compliance: <\/strong>DevSecOps can be used to help organizations comply with various regulatory frameworks and standards, such as HIPAA, PCI DSS, and GDPR, by ensuring that security is integrated into the development process and that compliance requirements are met.&nbsp;<\/p>\n\n\n\n<p><strong>Incident Response:<\/strong> DevSecOps can be used to develop and implement incident response plans, which can help organizations respond quickly and effectively to security incidents and minimize the impact of a breach.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-azul-helps\">How does Azul help with DevSecOps?<\/h2>\n\n\n\n<p>Azul\u2019s perspective is DevSecOps works conceptually, but for now it primarily exists as a theory more than  in widespread practice and employment. One reason for this is organizational inertia and culture change. DevOps has typically worked faster than security teams, which causes friction as app teams think security is holding them back and security teams think app teams are ignoring them at their own peril. There\u2019s also the perception of DevSecOps as a barrier to speed and agility, rather than an enabler.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>However, much of this dynamic fundamentally changed in 2022 when Log4J was patched in the development pipeline and yet re-appeared production. DevOps and security were under pressure to join forces and collaborate to solve critical and timely security vulnerabilities. If you are a DevOps team that has been tasked to catch security issues due to department downsizing or resource limitations, you may consider a new Java security product.<\/p>\n\n\n\n<p>Azul Vulnerability Detection is a SaaS product that leverages Azul JVMs to help organizations understand their Java application exposure to known vulnerabilities based on real usage patterns in production and dev\/test with a low false positive rate updated continuously.<\/p>\n\n\n\n\n\n<section    class=\"c-cta-band c-cta-band--color-light c-cta-band--mt-default c-cta-band--mb-default c-cta-band--pt-default c-cta-band--pb-lg c-cta-band--color-1 o-component o-component--color-light o-component--mt-default o-component--mb-default o-component--pt-default o-component--pb-lg\"\n\n            id=\"block_986a0673086c6e91088206f4a3282bbe\"\n    \n    >\n    \n    <div class=\"o-component__wrap\">\n                    <div class=\"o-container\">\n        \n<div class=\"c-cta-band__wrap c-cta-band__wrap--shadow c-cta-band__wrap--bg-white\" id=\"c-cta-band__wrap--block_986a0673086c6e91088206f4a3282bbe\">\n            \n    <span class=\"o-picture o-picture--background o-picture--cover o-picture--no-radius\">\n\n<picture>\n    \n    <img decoding=\"async\" alt=\"avd-banner\" class=\"o-picture__image\" height=\"228\" loading=\"lazy\" src=\"https:\/\/www.azul.com\/wp-content\/uploads\/avd-banner.svg?no_imgix=true\" width=\"1120\">\n<\/picture>\n\n\n    <\/span>\n    \n    <div class=\"c-cta-band__content\">\n        <div class=\"c-cta-band__text\" id=\"c-cta-band__text--block_986a0673086c6e91088206f4a3282bbe\">\n                            \n<h2  class=\"c-cta-band__headline o-headline o-headline--h2 s-medium\"\n    >\n  Azul Vulnerability Detection<\/h2>\n            \n                            \n<div  class=\"c-cta-band__description o-description o-description--body s-wysiwyg s-wysiwyg--description\"\n\n  >\n  <p>Continuously detect known vulnerabilities<br \/>\nin your Java applications in production.<\/p>\n<\/div>\n                    <\/div>\n\n                    <div class=\"c-cta-band__cta\">\n                \n<a  class=\"c-cta-band__cta-btn o-button o-button--fuchsia-900 o-button--white-solid\"\n\n  data-cta-band-modal-id=\"cta-band-form-modal-block_986a0673086c6e91088206f4a3282bbe\" href='https:\/\/www.azul.com\/products\/vulnerability-detection\/' target=''\n  >\n  \n  \n  <span class=\"o-button__label\">Learn More<\/span>\n\n  \n  <\/a>\n            <\/div>\n        \n            <\/div>\n<\/div>\n\n\n          <\/div>\n      <\/div>\n<\/section>\n\n<style>\n            #block_986a0673086c6e91088206f4a3282bbe,\n        #block_986a0673086c6e91088206f4a3282bbe input::placeholder {\n            color: light;\n        }\n    <\/style>\n","protected":false},"template":"","class_list":["post-61485","glossary","type-glossary","status-publish","hentry"],"acf":{"header_title":"DevSecOps","sidebar_nav_items":[{"link":{"title":"What is DevSecOps?","url":"#what-is","target":""}},{"link":{"title":"When should companies use DevSecOps?","url":"#when","target":""}},{"link":{"title":"What are the benefits of DevSecOps?","url":"#benefits","target":""}},{"link":{"title":"What are the challenges associated with DevSecOps?\u00a0","url":"#challenges","target":""}},{"link":{"title":"What does a DevSecOps architecture look like?","url":"#architecture","target":""}},{"link":{"title":"What use cases are best suited for DevSecOps?","url":"#use-cases","target":""}},{"link":{"title":"How does Azul help with DevSecOps?","url":"#how-azul-helps","target":""}}],"size":"default","color":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.7 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>What is DevSecOps? - Azul | Better Java Performance, Superior Java Support<\/title>\n<meta name=\"description\" content=\"DevSecOps, (Development, Security, and Operations), is an approach to software development that integrates security practices into the DevOps process.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.azul.com\/glossary\/devsecops\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DevSecOps\" \/>\n<meta property=\"og:description\" content=\"DevSecOps, (Development, Security, and Operations), is an approach to software development that integrates security practices into the DevOps process.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.azul.com\/glossary\/devsecops\/\" \/>\n<meta property=\"og:site_name\" content=\"Azul | Better Java Performance, Superior Java Support\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/AzulSystemsInc\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-04T15:22:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.azul.com\/wp-content\/uploads\/What-is-DevSecOps.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2388\" \/>\n\t<meta property=\"og:image:height\" content=\"1254\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@azulsystems\" \/>\n<meta name=\"twitter:label1\" content=\"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593\" \/>\n\t<meta name=\"twitter:data1\" content=\"6\u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.azul.com\/glossary\/devsecops\/\",\"url\":\"https:\/\/www.azul.com\/glossary\/devsecops\/\",\"name\":\"What is DevSecOps? - Azul | Better Java Performance, Superior Java Support\",\"isPartOf\":{\"@id\":\"https:\/\/www.azul.com\/#website\"},\"datePublished\":\"2023-04-20T20:25:38+00:00\",\"dateModified\":\"2024-06-04T15:22:13+00:00\",\"description\":\"DevSecOps, (Development, Security, and Operations), is an approach to software development that integrates security practices into the DevOps process.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.azul.com\/glossary\/devsecops\/#breadcrumb\"},\"inLanguage\":\"ja\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.azul.com\/glossary\/devsecops\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.azul.com\/glossary\/devsecops\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.azul.com\/ja\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Glossary\",\"item\":\"https:\/\/www.azul.com\/glossary\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"DevSecOps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.azul.com\/#website\",\"url\":\"https:\/\/www.azul.com\/\",\"name\":\"Azul | Better Java Performance, Superior Java Support\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.azul.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.azul.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ja\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.azul.com\/#organization\",\"name\":\"Azul\",\"alternateName\":\"Azul Systems\",\"url\":\"https:\/\/www.azul.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ja\",\"@id\":\"https:\/\/www.azul.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.azul.com\/wp-content\/uploads\/2021\/01\/logo.svg\",\"contentUrl\":\"https:\/\/www.azul.com\/wp-content\/uploads\/2021\/01\/logo.svg\",\"width\":112,\"height\":48,\"caption\":\"Azul\"},\"image\":{\"@id\":\"https:\/\/www.azul.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/AzulSystemsInc\",\"https:\/\/x.com\/azulsystems\",\"https:\/\/www.youtube.com\/channel\/UCSoJZa--HhjV9iXtbHUmm8A\",\"https:\/\/www.linkedin.com\/company\/azul-systems\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"What is DevSecOps? - Azul | Better Java Performance, Superior Java Support","description":"DevSecOps, (Development, Security, and Operations), is an approach to software development that integrates security practices into the DevOps process.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.azul.com\/glossary\/devsecops\/","og_locale":"ja_JP","og_type":"article","og_title":"DevSecOps","og_description":"DevSecOps, (Development, Security, and Operations), is an approach to software development that integrates security practices into the DevOps process.","og_url":"https:\/\/www.azul.com\/glossary\/devsecops\/","og_site_name":"Azul | Better Java Performance, Superior Java Support","article_publisher":"https:\/\/www.facebook.com\/AzulSystemsInc","article_modified_time":"2024-06-04T15:22:13+00:00","og_image":[{"width":2388,"height":1254,"url":"https:\/\/www.azul.com\/wp-content\/uploads\/What-is-DevSecOps.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@azulsystems","twitter_misc":{"\u63a8\u5b9a\u8aad\u307f\u53d6\u308a\u6642\u9593":"6\u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.azul.com\/glossary\/devsecops\/","url":"https:\/\/www.azul.com\/glossary\/devsecops\/","name":"What is DevSecOps? - Azul | Better Java Performance, Superior Java Support","isPartOf":{"@id":"https:\/\/www.azul.com\/#website"},"datePublished":"2023-04-20T20:25:38+00:00","dateModified":"2024-06-04T15:22:13+00:00","description":"DevSecOps, (Development, Security, and Operations), is an approach to software development that integrates security practices into the DevOps process.","breadcrumb":{"@id":"https:\/\/www.azul.com\/glossary\/devsecops\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.azul.com\/glossary\/devsecops\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.azul.com\/glossary\/devsecops\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.azul.com\/ja\/"},{"@type":"ListItem","position":2,"name":"Glossary","item":"https:\/\/www.azul.com\/glossary\/"},{"@type":"ListItem","position":3,"name":"DevSecOps"}]},{"@type":"WebSite","@id":"https:\/\/www.azul.com\/#website","url":"https:\/\/www.azul.com\/","name":"Azul | Better Java Performance, Superior Java Support","description":"","publisher":{"@id":"https:\/\/www.azul.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.azul.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Organization","@id":"https:\/\/www.azul.com\/#organization","name":"Azul","alternateName":"Azul Systems","url":"https:\/\/www.azul.com\/","logo":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/www.azul.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.azul.com\/wp-content\/uploads\/2021\/01\/logo.svg","contentUrl":"https:\/\/www.azul.com\/wp-content\/uploads\/2021\/01\/logo.svg","width":112,"height":48,"caption":"Azul"},"image":{"@id":"https:\/\/www.azul.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/AzulSystemsInc","https:\/\/x.com\/azulsystems","https:\/\/www.youtube.com\/channel\/UCSoJZa--HhjV9iXtbHUmm8A","https:\/\/www.linkedin.com\/company\/azul-systems"]}]}},"_links":{"self":[{"href":"https:\/\/www.azul.com\/ja\/wp-json\/wp\/v2\/glossary\/61485","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.azul.com\/ja\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/www.azul.com\/ja\/wp-json\/wp\/v2\/types\/glossary"}],"wp:attachment":[{"href":"https:\/\/www.azul.com\/ja\/wp-json\/wp\/v2\/media?parent=61485"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}