OWASP DevSecOps Guideline - v-0.2

Introduction to the OWASP DevSecOps Guideline

The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use in this matter. Also, the project is trying to help us promote the shift-left security culture in our development process. This project helps any companies of each size that have a development pipeline or, in other words, have a DevOps pipeline. We try to draw a perspective of a secure DevOps pipeline during this project and then improve it based on our customized requirements.

The Ideal goal is “detect security issues (by design or application vulnerability) as fast as possible.”

Maybe the following picture can describe the goal of securing pipelines better. As you can see, we can add more steps in Dev pipelines and deliver products more secure and reliable to the products’ customers. We just put some open-source and commercial tools as an example in this image. As always, you are free to select tools and the exact location where you want to implement the tools. Besides implementing more security steps, Having a central vulnerabilities management solution can help to have a good view of the application security outlook in one picture.

Secure Pipeline