Getting Started

Our mission is to be a collaborative location for engineers to contribute knowledge to assist organizations in building security into the product. This can include topics such as CI/CD practices, cloud security, cloud engineering, application security, and automating security processes within an organization.

This site is built with Hugo, Terraform, and GitHub Actions to facilitate a vibrant community of professionals to contribute to public knowledge and empower engineers to secure their organizations. Please consider contributing to assist in bringing security knowledge available to the public.

What is DevSecOps?#

DevSecOps is integrating security testing at every stage of the software development process which includes tools and processes that encourage collaboration between developers, security, and operation teams. Empowering engineers is the primary focus of a DevSecOps team. Providing engineers with expertise, tools, libraries, processes, and procedures is crucial to the success of security teams. Not seen as a blocker to getting work done. Shifting focus on quality as a priority breeds security through maintainability and best practices.

Purpose#

This documentation site will cover how you can build out your program, assist in achieving each milestone, and how to build security into your product. In the next section, Minimum Viable DevSecOps, we will cover all the soft skills that are required as well as potential approaches you can take for each section. Next we will talk about proliferating security culture throughout an organization.