A bit about DevSecOps

Since I'm currently working on building a new course, I decided to write a post on this topic too. What exactly is the essence of the DevSecOps approach, and how does it differ from how security problems used to be handled?

🔵 Before

A separate security team (if there even is one, ahem) periodically runs its tests for known vulnerabilities against the lab environment, and sometimes straight against production. It might even look at the application's code, but that's not guaranteed. Then it hands feedback to the developers if there's anything to fix.

🔵 Now

Static checks (of the code) and dynamic checks (of the running application) are built into the CI pipeline, and developers continuously get feedback from the analyzer tools. Security becomes a shared responsibility, not just the security team's.

📎 As for the tools themselves, prime examples are SonarQube and Checkmarx.
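What "feedback from the analyzer tools in the pipeline" looks like in practice is a gate step: the analyzer writes a report, and a small script turns it into pass/fail for the merge. The example below is added here and is not code from the post or from SonarQube or Checkmarx. It assumes the analyzer emits SARIF 2.1.0, the interchange format most static analyzers can produce; the sample report embedded in it is constructed for the example and does not come from any real scan.

```python
"""CI gate over a SAST report in SARIF format.

Added example (not from the original post): the analyzer in the pipeline
emits findings; this script turns them into pass/fail feedback for the
developer.  Input is a SARIF 2.1.0 document.  The sample report below is
constructed for this example and does not come from any real scan.
"""
import json

# Severity ordering for SARIF "level" values (higher = worse).
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample: what a SAST tool might write to report.sarif.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast"}},
        "results": [
            {"ruleId": "sql-injection", "level": "error",
             "message": {"text": "User input reaches a SQL query unparameterised"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "hardcoded-secret", "level": "warning",
             "message": {"text": "String looks like an API key"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/config.py"},
                 "region": {"startLine": 7}}}]},
            {"ruleId": "unused-import", "level": "note",
             "message": {"text": "Unused import 'os'"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/main.py"},
                 "region": {"startLine": 1}}}]},
        ],
    }],
})


def parse_sarif(text):
    """Flatten a SARIF document into a list of simple finding dicts."""
    doc = json.loads(text)
    findings = []
    for run in doc.get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        for res in run.get("results", []):
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "tool": tool,
                "rule": res.get("ruleId", "?"),
                "level": res.get("level", "warning"),  # SARIF default level is "warning"
                "file": loc.get("artifactLocation", {}).get("uri", "?"),
                "line": loc.get("region", {}).get("startLine", 0),
                "text": res.get("message", {}).get("text", ""),
            })
    return findings


def gate(findings, fail_on="error"):
    """Split findings into (blocking, advisory) at the given severity threshold."""
    threshold = LEVEL_RANK[fail_on]
    blocking = [f for f in findings if LEVEL_RANK.get(f["level"], 2) >= threshold]
    advisory = [f for f in findings if LEVEL_RANK.get(f["level"], 2) < threshold]
    return blocking, advisory


def format_feedback(findings):
    """One line per finding, in the file:line style that CI logs and editors link."""
    return [f'{f["file"]}:{f["line"]}: [{f["level"]}] {f["rule"]}: {f["text"]}'
            for f in findings]


def run_gate(sarif_text, fail_on="error"):
    """Exit status for the pipeline step: 0 to continue, 1 to block the merge."""
    blocking, advisory = gate(parse_sarif(sarif_text), fail_on)
    for line in format_feedback(advisory):
        print("advisory:", line)
    for line in format_feedback(blocking):
        print("BLOCKING:", line)
    return 1 if blocking else 0


if __name__ == "__main__":
    import sys
    sys.exit(run_gate(SAMPLE_SARIF, fail_on="error"))
```

The threshold is the knob teams usually argue about: starting at `error` keeps the pipeline green while developers get used to the advisory output, and it can be tightened to `warning` once the backlog is cleared. Because the output is `file:line:` formatted, the same lines show up as annotations in the pull request rather than in a report the security team reads weeks later.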

Security isn't only about code; it's also about infrastructure, which must be secure by architecture, and about the organization, which must be secure in how it operates.

That said, far from everyone bothers with such things, which is why leaks of user data are such a common occurrence. But one thing is clear: all of this can and should be fought, and the demand for adopting DevSecOps will only grow.