Автор: Steve Suehring
Издательство: O’Reilly Media, Inc.
Год: 2024
Страниц: 195
Язык: английский
Формат: True PDF, True EPUB (Retail Copy)
Размер: 12.1 MB
How do some organizations maintain 24-7 internet-scale operations? How can organizations integrate security while continuously deploying new features? How do organizations increase security within their DevOps processes?
This practical guide helps you answer those questions and more. Author Steve Suehring provides unique content to help practitioners and leadership successfully implement DevOps and DevSecOps. Learning DevSecOps emphasizes prerequisites that lead to success through best practices and then takes you through some of the tools and software used by successful DevSecOps-enabled organizations.
You'll learn how DevOps and DevSecOps can eliminate the walls that stand between development, operations, and security so that you can tackle the needs of other teams early in the development lifecycle.
DevSecOps jobs are abundant, but looking at the requirements for those jobs, it’s quickly evident that there is no agreement on what DevSecOps actually entails. That’s what made this book quite difficult to write. I’ve written books on everything from MySQL to jаvascript to Windows Server to Linux Firewalls. Each of those technologies has a well-defined scope. Writing on Linux firewalls does not require covering several different technologies and skills in the same book. But DevSecOps is not as well-defined. Writing on DevSecOps exposes the fissures in how we define technologies, between the actual hands-on work and the hype. Even the term “DevSecOps” is not as widely used as the term “DevOps.” Granted, “DevSecOps” does not roll off the tongue as easily as “DevOps,” but it’s more than that. Simply lending a voice to the definition of DevSecOps is one of the reasons that I wrote this book.
The goal of this book is not to be a comprehensive step-by-step guide to implementing DevSecOps, whatever the term means. That book is impossible to write because of the rapid changes in tools and the highly customized needs of each organization moving toward DevSecOps. Rather, the goal of this book is to provide patterns of success while also exposing some of the technologies and practices involved in large DevSecOps deployments. The book does not cover every software tool that an organization might use in DevSecOps. This is not an omission, or if it is, the omission is intentional so that the focus can remain on processes and people rather than technology and tools. Tech and tooling will change, but having the best people implementing the best processes will always work.
What is DevSecOps? It depends on who you ask. As defined in this book, DevSecOps is a set of agile and iterative practices that help to deliver software and technology systems rapidly, accurately, and repeatedly, emphasizing processes and people above tools.
From the highest level to the lowest, a computer processor relies on an instruction set that is used to perform the operations required by the higher-level program. In effect, developers can write their programs directly as instructions for the processor, or they can use a language that is then interpreted into the instruction set required by the processor. The concern in this book is around those higher-level programming languages. PHP, jаvascript, Python, Perl, C++, and C are common higher-level programming languages that you might use today. In the case of languages like PHP and Python, you may write a full-stack web application or backend program, or you may write a smaller program. This section specifically looks at the language components involved in creating a Bash script. I assume that you have a shell environment available, specifically Bash.
With this book, you will:
Learn why DevSecOps is about culture and processes, with tools to support the processes
Understand why DevSecOps practices are key elements to deploying software in a 24-7 environment
Deploy software using a DevSecOps toolchain and create scripts to assist
Integrate processes from other teams earlier in the software development lifecycle
Help team members learn the processes important for successful software development
Who Is This Book For?
This book is for anyone interested in learning about DevSecOps and its predecessor, DevOps. You might be involved in development, operations, or security and want to learn about the melding of all three into a set of tools and processes for making production-level deployments easier. To get maximum value from the entire book, you should have a computing background, but everyone interested in DevSecOps will benefit from Chapter 1, even those without a computing background.
Being able to write code, commit and push the code, and have tests automatically executed on that code is one such practice in DevSecOps. Scaling across multiple cloud providers is common as well. All of this is done seamlessly. Of course, all of that automation needs people who understand not only the goals of the automation but how to configure it. With that in mind, if you’re interested in learning about the processes involved in DevSecOps while also being exposed to some of the technologies involved, then this book should be helpful.
Скачать Learning Devsecops: A Practical Guide to Processes and Tools