Application Security
DevSecOps
Also known as: SecDevOps, Rugged DevOps
Definition
A culture and set of practices that integrates security responsibilities into DevOps workflows so engineers ship secure software continuously and at speed.
Examples
- Running Trivy, Semgrep and Gitleaks on every pull request in a GitHub Actions pipeline.
- Enforcing OPA/Conftest policy-as-code on Terraform plans before they can be applied.
Related terms
Application Security (AppSec)
The discipline of designing, building, testing and operating software so it resists abuse, tampering and unauthorized access throughout its lifecycle.
Secure Software Development Lifecycle (SSDLC)
A development lifecycle in which security activities are embedded into every phase, from requirements and design through coding, testing, release and operations.
Shift-Left Security
The practice of moving security activities earlier in the software lifecycle so vulnerabilities are found and fixed before code reaches production.
SAST (Static Application Security Testing)
Automated analysis of source code, bytecode or binaries — without executing it — to find security weaknesses such as injection, unsafe APIs or insecure crypto.
SCA (Software Composition Analysis)
Automated analysis of an application's open-source and third-party components to identify known vulnerabilities, license issues and outdated or risky dependencies.
Secure Coding
Secure Coding — definition coming soon.