Tanzu Talk: What is DevSecOps? Part One: A Secure Software Supply Chain

May 17, 2022

Read about the other two parts, and more details here: https://tanzu.vmware.com/content/blog/devops-vs-devsecops?utm_campaign=devrel&utm_source=cote&utm_content=VideoSeries01_SSC

I’ve been trying to figure out what exactly the Sec in DevSecOps is for a couple years now, and I think I’ve got something. Three things, in fact. Keep in mind that DevSecOps isn’t all of security, it’s just a small subset that focuses on the software you write and run.

Anyhow, here’s the first: a “secure software supply chain.” That’s a fancy word for trusting and validating the code that goes into your apps, the builds. This is code you write, other services you use, and nowadays external services you might rely on. Not only that, but the tools that you and your developers use to put together the apps. Source control, collaboration, and project management tools: everything is a target!

To figure out what to do here, chart out every single activity that happens from idea to coding to a person using that feature. What are you doing to secure each step? And pay close attention to the arrows in between the boxes, that’s where a lot gets hidden.

Once you’ve verified this, you’ll need to document it and make sure it obeys the policies you have in place. Most all organizations have their own security policy and also external policy, such as laws and regulations, they need to follow. You’ve got to document it!

There’s more to it, of course. To read what I think DevSecOps is, check out my write-up, and look for the other two tiny videos on DevSecOps: https://tanzu.vmware.com/content/blog/devops-vs-devsecops?utm_campaign=devrel&utm_source=cote&utm_content=VideoSeries01_SSC
