
Research Article
Advances in DevSecOps and the Future of Cybersecurity using Automation
@INPROCEEDINGS{10.4108/eai.28-4-2025.2357955,
  author={M. Pranav and I. Madhesh and J. Lenin and R. Sasikumar},
  title={Advances in DevSecOps and the Future of Cybersecurity using Automation},
  proceedings={Proceedings of the 4th International Conference on Information Technology, Civil Innovation, Science, and Management, ICITSM 2025, 28-29 April 2025, Tiruchengode, Tamil Nadu, India, Part I},
  publisher={EAI},
  proceedings_a={ICITSM PART I},
  year={2025},
  month={10},
  keywords={devsecops; automation; threat modelling; ci/cd pipeline; sast; dast; software composition analysis; cspm; cybersecurity; kubernetes security; cloud security; cnapp; cspm},
  doi={10.4108/eai.28-4-2025.2357955}
}
- M. Pranav
- I. Madhesh
- J. Lenin
- R. Sasikumar
Year: 2025
Advances in DevSecOps and the Future of Cybersecurity using Automation
ICITSM PART I
EAI
DOI: 10.4108/eai.28-4-2025.2357955
Abstract
DevSecOps (“Development” + “Security” + “Operations”) integrates security practices into the DevOps lifecycle for a holistic, unified, and continuous approach to software development and delivery. It closes the divide between the development, security, and operations teams and addresses the problems of earlier methods, in which security was assessed only after the software had been built. This paper studies the most recent evolutions of DevSecOps, with particular emphasis on the central role of automation in increasing security throughout the Software Development Life Cycle (hereafter, SDLC), thereby turning it into a Secure SDLC (SSDLC). The idea of DevSecOps is to build security practices into the software development lifecycle from planning through deployment, rather than applying security as an after-the-fact layer on top, as traditional approaches to software development have done. DevSecOps therefore aims to move beyond patching a vulnerable application after the fact to getting it right from the start, with consistently secure code and minimal rework. We present a full-scale DevSecOps automation blueprint built on current technologies for automated threat modelling, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), Docker image scanning, container scanning, Infrastructure-as-Code (IaC) scanning, Kubernetes (K8s) scanning, and Cloud-Native Application Protection Platform (CNAPP) and Cloud Security Posture Management (CSPM) tooling.
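The scanning stages the abstract lists (SAST, SCA, image, IaC and Kubernetes scanners) only "shift security left" if the pipeline actually acts on their output, so the piece of automation a practitioner most often has to write is the merge gate that sits between the scanners and the deploy stage. The example below is added here and is not code from the paper or from any of the named tools. It assumes the scanners emit SARIF 2.1.0 (the interchange format most of these tools can produce) and that rules carry a CVSS-style `security-severity` property, as the GitHub code-scanning convention does; the tool names, rule ids, file paths and waiver dates in the sample documents are constructed placeholders, not real findings or CVE identifiers.

```python
"""Merge gate for a DevSecOps pipeline: read SARIF from the scanning stages
and block the build on unwaived high/critical findings.
Added example; not the paper's code. Sample data below is constructed."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Severity buckets, ordered. CVSS-style "security-severity" scores map onto
# them; the SARIF "level" is the fallback when a rule carries no score.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
LEVEL_TO_SEVERITY = {"error": "high", "warning": "medium", "note": "low", "none": "low"}


@dataclass(frozen=True)
class Finding:
    tool: str
    rule_id: str
    severity: str
    location: str
    message: str


@dataclass
class Decision:
    passed: bool
    blocking: list
    waived: list


def bucket_from_score(score: float) -> str:
    """Map a 0-10 security-severity score to a bucket (CVSS v3 rating bands)."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low"


def parse_sarif(doc: dict) -> list[Finding]:
    """Flatten one SARIF 2.1.0 log into Findings, one per result."""
    findings = []
    for run in doc.get("runs", []):
        driver = run["tool"]["driver"]
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule_id = res.get("ruleId", "<no rule>")
            score = rules.get(rule_id, {}).get("properties", {}).get("security-severity")
            if score is not None:
                severity = bucket_from_score(float(score))
            else:
                severity = LEVEL_TO_SEVERITY.get(res.get("level", "warning"), "medium")
            phys = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "<no location>")
            line = phys.get("region", {}).get("startLine")
            location = f"{uri}:{line}" if line else uri
            findings.append(Finding(driver.get("name", "?"), rule_id, severity, location,
                                    res.get("message", {}).get("text", "")))
    return findings


def evaluate(findings, threshold="high", waivers=None, today=None) -> Decision:
    """Block when any finding at or above `threshold` lacks an unexpired waiver.
    `waivers` maps rule id -> ISO expiry date (accepted risk must be time-boxed);
    `today` is an ISO date string, injectable so the decision is reproducible."""
    waivers = waivers or {}
    today = date.fromisoformat(today) if today else date.today()
    blocking, waived = [], []
    for f in findings:
        if SEVERITY_RANK[f.severity] < SEVERITY_RANK[threshold]:
            continue  # below the gate's threshold: reported, not enforced
        expiry = waivers.get(f.rule_id)
        if expiry is not None and date.fromisoformat(expiry) >= today:
            waived.append(f)
        else:
            blocking.append(f)  # no waiver, or the waiver has lapsed
    return Decision(passed=not blocking, blocking=blocking, waived=waived)


def gate(sarif_docs, threshold="high", waivers=None, today=None) -> Decision:
    """Run the gate over the SARIF logs of every scanning stage in one pipeline."""
    return evaluate([f for doc in sarif_docs for f in parse_sarif(doc)], threshold, waivers, today)


# Constructed SARIF in the shape a SAST tool and an image scanner emit (placeholders).
SAMPLE_SAST = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-sast", "rules": [
        {"id": "py.sql-injection", "properties": {"security-severity": "8.8"}},
        {"id": "py.hardcoded-tmp-path"}]}},
    "results": [
        {"ruleId": "py.sql-injection", "level": "error",
         "message": {"text": "query built with string formatting"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                             "region": {"startLine": 42}}}]},
        {"ruleId": "py.hardcoded-tmp-path", "level": "warning",
         "message": {"text": "writes to a fixed path under /tmp"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/export.py"},
                                             "region": {"startLine": 7}}}]}]}]}
SAMPLE_IMAGE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-image-scanner", "rules": [
        {"id": "EXAMPLE-CRITICAL-VULN", "properties": {"security-severity": "9.1"}},
        {"id": "EXAMPLE-MEDIUM-VULN", "properties": {"security-severity": "5.3"}}]}},
    "results": [
        {"ruleId": "EXAMPLE-CRITICAL-VULN", "level": "error",
         "message": {"text": "base image package has a known remote code execution flaw"}},
        {"ruleId": "EXAMPLE-MEDIUM-VULN", "level": "warning",
         "message": {"text": "outdated library in base image"}}]}]}
# Constructed waiver file: one waiver still valid on 2025-06-01, one already expired.
WAIVERS = {"py.sql-injection": "2025-12-31", "EXAMPLE-CRITICAL-VULN": "2025-01-31"}

if __name__ == "__main__":
    decision = gate([SAMPLE_SAST, SAMPLE_IMAGE], "high", WAIVERS, "2025-06-01")
    for f in decision.waived:
        print(f"WAIVED   {f.severity:8} {f.tool} {f.rule_id} at {f.location}")
    for f in decision.blocking:
        print(f"BLOCKING {f.severity:8} {f.tool} {f.rule_id} at {f.location}: {f.message}")
    raise SystemExit(0 if decision.passed else 1)
```

In a real pipeline each scanner writes its SARIF to a job artifact and this script runs as the last step before deployment, exiting non-zero to fail the job. The two design points worth copying are the single severity scale across heterogeneous tools (so an image-scanner finding and a SAST finding are ranked against the same threshold) and the time-boxed waiver list kept in version control, which turns "accepted risk" into something that expires and is reviewed rather than silently accumulating.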