{"id":62862,"date":"2024-08-30T18:13:26","date_gmt":"2024-08-30T12:43:26","guid":{"rendered":"https:\/\/www.tothenew.com\/blog\/?p=62862"},"modified":"2024-09-03T16:08:29","modified_gmt":"2024-09-03T10:38:29","slug":"integration-of-devsecops-tools-with-jenkins","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/integration-of-devsecops-tools-with-jenkins\/","title":{"rendered":"Integration of DevSecOps tools with Jenkins"},"content":{"rendered":"<h2>Introduction<\/h2>\n<p>DevSecOps can be thought of as security practices integrated with DevOps, and it requires a variety of tools to ensure security throughout the software development lifecycle.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-64623 size-medium\" src=\"https:\/\/www.tothenew.com\/blog\/wp-ttn-blog\/uploads\/2024\/08\/DALL\u00b7E-2024-08-27-11.48.09-An-infinity-loop-design-representing-DevSecOps-with-a-secure-shield-icon-overlay.-Change-the-colors-of-the-infinity-loop-to-hints-of-purple-and-magent-copy.jpg-300x228.png\" alt=\"DevSecOps\" width=\"300\" height=\"228\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2024\/08\/DALL\u00b7E-2024-08-27-11.48.09-An-infinity-loop-design-representing-DevSecOps-with-a-secure-shield-icon-overlay.-Change-the-colors-of-the-infinity-loop-to-hints-of-purple-and-magent-copy.jpg-300x228.png 300w, \/blog\/wp-ttn-blog\/uploads\/2024\/08\/DALL\u00b7E-2024-08-27-11.48.09-An-infinity-loop-design-representing-DevSecOps-with-a-secure-shield-icon-overlay.-Change-the-colors-of-the-infinity-loop-to-hints-of-purple-and-magent-copy.jpg-768x585.png 768w, \/blog\/wp-ttn-blog\/uploads\/2024\/08\/DALL\u00b7E-2024-08-27-11.48.09-An-infinity-loop-design-representing-DevSecOps-with-a-secure-shield-icon-overlay.-Change-the-colors-of-the-infinity-loop-to-hints-of-purple-and-magent-copy.jpg-624x475.png 624w, 
\/blog\/wp-ttn-blog\/uploads\/2024\/08\/DALL\u00b7E-2024-08-27-11.48.09-An-infinity-loop-design-representing-DevSecOps-with-a-secure-shield-icon-overlay.-Change-the-colors-of-the-infinity-loop-to-hints-of-purple-and-magent-copy.jpg.png 984w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Often, we unknowingly commit sensitive details to our code or use compromised packages, which can lead to a breach of our system. To mitigate this, we use various DevSecOps tools to reduce the scope for breaches after our deliverables are deployed.<\/p>\n<p>In this scenario, we&#8217;ll be using Jenkins as our CI\/CD tool on a Linux-based server (RHEL) with the following DevSecOps tools:<\/p>\n<ul>\n<li>Gitleaks<\/li>\n<li>SonarQube<\/li>\n<li>OWASP Dependency Check<\/li>\n<li>Grype image scanner<\/li>\n<\/ul>\n<h2><strong>Prerequisites<\/strong><\/h2>\n<ol>\n<li>An EC2 instance or any cloud VM with at least 2 vCPU and 2 GiB of RAM.<\/li>\n<li>Jenkins installed on the server with a sample pipeline.<\/li>\n<li>SonarQube installed on any server.<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h2><strong>1. Gitleaks<\/strong><\/h2>\n<p>Gitleaks is a tool for detecting secrets (such as API keys, tokens, passwords, and other sensitive information) and preventing them from being committed to version control systems, mainly Git repositories. It helps developers and security teams ensure that sensitive data is not inadvertently added to the code base, where its exposure would create a security vulnerability.<\/p>\n<h4><strong>Steps to install &amp; Integrate:<\/strong><\/h4>\n<p>Run the following commands to install gitleaks:<\/p>\n<pre>wget https:\/\/github.com\/zricethezav\/gitleaks\/releases\/download\/v8.10.0\/gitleaks-v8.10.0-linux-amd64.tar.gz\r\ntar -xzf gitleaks-v8.10.0-linux-amd64.tar.gz\r\nmv gitleaks \/usr\/local\/bin\/<\/pre>\n<p>Add the below command to your Jenkins pipeline:<\/p>\n<pre>gitleaks detect --source=. 
--report-format=json --report-path=gitleaks-report.json || true<\/pre>\n<ul>\n<li>--source is the path of the directory that needs to be scanned<\/li>\n<li>--report-format denotes the format in which we want the report<\/li>\n<li>--report-path is where gitleaks will save the report<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Note:<\/strong><\/span> &#8220;|| true&#8221; is appended because gitleaks returns a non-zero exit code when it finds any leaks, which would stop the pipeline; &#8220;|| true&#8221; bypasses this. Keep in mind that this also means a detected leak will not fail the build, so the generated report must be reviewed.<\/p>\n<div id=\"attachment_62857\" style=\"width: 635px\" class=\"wp-caption alignnone\"><img aria-describedby=\"caption-attachment-62857\" decoding=\"async\" loading=\"lazy\" class=\"wp-image-62857 size-large\" src=\"https:\/\/www.tothenew.com\/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-11.46.40\u202fAM-1-1024x314.png\" alt=\"Gitleaks Sample Report\" width=\"625\" height=\"192\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-11.46.40\u202fAM-1-1024x314.png 1024w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-11.46.40\u202fAM-1-300x92.png 300w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-11.46.40\u202fAM-1-768x235.png 768w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-11.46.40\u202fAM-1-1536x470.png 1536w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-11.46.40\u202fAM-1-2048x627.png 2048w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-11.46.40\u202fAM-1-624x191.png 624w\" sizes=\"(max-width: 625px) 100vw, 625px\" \/><p id=\"caption-attachment-62857\" class=\"wp-caption-text\">Gitleaks Sample Report<\/p><\/div>\n<h2><strong>2. SonarQube<\/strong><\/h2>\n<p>SonarQube is an open-source platform for continuous inspection of code quality. 
It performs automatic reviews by way of static code analysis for bugs, code smells, and security vulnerabilities in a number of programming languages, helping developers write cleaner and safer code through in-depth analysis and feedback.<\/p>\n<h4><strong>Steps to install &amp; Integrate:<\/strong><\/h4>\n<p>Download the SonarScanner CLI from this link: <a href=\"https:\/\/docs.sonarsource.com\/sonarqube\/latest\/analyzing-source-code\/scanners\/sonarscanner\/\">https:\/\/docs.sonarsource.com\/sonarqube\/latest\/analyzing-source-code\/scanners\/sonarscanner\/<\/a><\/p>\n<p>Run the following commands (the exports are appended to ~\/.bashrc so that they persist in new shells):<\/p>\n<pre>sudo mv sonar-scanner-&lt;version&gt;-linux \/opt\/sonar-scanner\r\necho 'export SONAR_SCANNER_HOME=\/opt\/sonar-scanner' &gt;&gt; ~\/.bashrc\r\necho 'export PATH=$PATH:$SONAR_SCANNER_HOME\/bin' &gt;&gt; ~\/.bashrc\r\nsource ~\/.bashrc<\/pre>\n<p>Run &#8220;sonar-scanner -h&#8221; to check that it is installed. If the command is not found, try the full path instead: \/opt\/sonar-scanner\/sonar-scanner-4.6.2.2472-linux\/bin\/sonar-scanner (edit the version number 
as per the downloaded package).<\/p>\n<p>Now go to your SonarQube &gt;&gt; click on your profile &gt;&gt; go to My Account and create a token if one is not already created.<\/p>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-62872 size-large\" src=\"https:\/\/www.tothenew.com\/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.03.00\u202fPM-1024x330.png\" alt=\"SonarQube \" width=\"625\" height=\"201\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.03.00\u202fPM-1024x330.png 1024w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.03.00\u202fPM-300x97.png 300w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.03.00\u202fPM-768x248.png 768w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.03.00\u202fPM-1536x495.png 1536w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.03.00\u202fPM-2048x660.png 2048w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.03.00\u202fPM-624x201.png 624w\" sizes=\"(max-width: 625px) 100vw, 625px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>Now go to your Jenkins pipeline and add the following command to it (each line ends with a backslash so that the shell reads the options as one command):<\/p>\n<pre>\/opt\/sonar-scanner\/sonar-scanner-4.6.2.2472-linux\/bin\/sonar-scanner \\\r\n-Dsonar.projectKey=your-project-key \\\r\n-Dsonar.sources=. \\\r\n-Dsonar.host.url=https:\/\/yoursonarlink.ttn \\\r\n-Dsonar.login=$SONAR_TOKEN<\/pre>\n<ul>\n<li>-Dsonar.projectKey is your SonarQube project key<\/li>\n<li>-Dsonar.sources is the directory containing the code that needs to be analysed<\/li>\n<li>-Dsonar.host.url is the URL of your SonarQube server<\/li>\n<li>-Dsonar.login is where you pass your SonarQube token, which is used to authenticate the request (store it as a Jenkins credential rather than hard-coding it in the pipeline)<\/li>\n<\/ul>\n<p>You don&#8217;t necessarily have to edit sonar-project.properties in order to run the sonar scanner. 
The project key can be any string; it is also shown as the name of your project in SonarQube.<\/p>\n<p>&nbsp;<\/p>\n<div id=\"attachment_62876\" style=\"width: 635px\" class=\"wp-caption alignnone\"><img aria-describedby=\"caption-attachment-62876\" decoding=\"async\" loading=\"lazy\" class=\"wp-image-62876 size-large\" src=\"https:\/\/www.tothenew.com\/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.12.05\u202fPM-1024x737.png\" alt=\"SonarQube Report\" width=\"625\" height=\"450\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.12.05\u202fPM-1024x737.png 1024w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.12.05\u202fPM-300x216.png 300w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.12.05\u202fPM-768x553.png 768w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.12.05\u202fPM-1536x1106.png 1536w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.12.05\u202fPM-2048x1475.png 2048w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.12.05\u202fPM-624x449.png 624w\" sizes=\"(max-width: 625px) 100vw, 625px\" \/><p id=\"caption-attachment-62876\" class=\"wp-caption-text\">SonarQube Sample Report<\/p><\/div>\n<p>&nbsp;<\/p>\n<h2><strong>3. OWASP Dependency Check<\/strong><\/h2>\n<p>OWASP Dependency-Check is a Software Composition Analysis (SCA) tool that identifies project dependencies and checks whether they contain known, publicly disclosed vulnerabilities. It is a freely available, open-source project maintained by the Open Web Application Security Project. It scans project dependencies\u2014that is, libraries and frameworks\u2014and creates a report of all dependencies in use. 
It checks the identified dependencies against its database of known vulnerabilities, including the National Vulnerability Database, for possible security risks.<\/p>\n<h4><strong>Steps to install &amp; Integrate:<\/strong><\/h4>\n<p>Run the following commands (the release zip unpacks into a dependency-check\/ directory, so it is extracted under \/opt, and the PATH export is appended to ~\/.bashrc so that it persists in new shells):<\/p>\n<pre>wget https:\/\/github.com\/jeremylong\/DependencyCheck\/releases\/download\/v6.5.3\/dependency-check-6.5.3-release.zip\r\nunzip dependency-check-6.5.3-release.zip -d \/opt\r\necho 'export PATH=$PATH:\/opt\/dependency-check\/bin' &gt;&gt; ~\/.bashrc\r\nsource ~\/.bashrc<\/pre>\n<p>Run &#8220;dependency-check.sh --version&#8221; to check that it is installed. If the command is not found, try the full path instead: \/opt\/dependency-check\/bin\/dependency-check.sh --project 'your-project'<\/p>\n<p>Add the following command to your pipeline (each line ends with a backslash so that the shell reads the options as one command):<\/p>\n<pre>\/opt\/dependency-check\/bin\/dependency-check.sh --project 'your-project' \\\r\n--scan '\/var\/lib\/jenkins\/workspace\/path\/to\/job' \\\r\n--out '.' \\\r\n--format 'HTML' \\\r\n--format 'JSON' \\\r\n--data '\/var\/lib\/jenkins\/your-custom-path\/dependency-check-data'<\/pre>\n<ul>\n<li>--project is your project name<\/li>\n<li>--scan is the path whose resources need to be scanned<\/li>\n<li>--out is the directory where the reports will be generated<\/li>\n<li>--format denotes the format in which you want the report (it can be passed more than once)<\/li>\n<li>--data is the path where the dependency check data will be stored. 
This data contains the vulnerability details that Dependency-Check uses as a reference while scanning your dependencies, and the report is generated from it. Keeping it in a path outside the workspace lets the downloaded vulnerability data persist between builds.<\/li>\n<\/ul>\n<div id=\"attachment_62883\" style=\"width: 635px\" class=\"wp-caption alignnone\"><img aria-describedby=\"caption-attachment-62883\" decoding=\"async\" loading=\"lazy\" class=\"wp-image-62883 size-large\" src=\"https:\/\/www.tothenew.com\/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.39.01\u202fPM-1024x590.png\" alt=\"Dependency check report\" width=\"625\" height=\"360\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.39.01\u202fPM-1024x590.png 1024w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.39.01\u202fPM-300x173.png 300w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.39.01\u202fPM-768x442.png 768w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.39.01\u202fPM-1536x885.png 1536w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.39.01\u202fPM-2048x1180.png 2048w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.39.01\u202fPM-624x359.png 624w\" sizes=\"(max-width: 625px) 100vw, 625px\" \/><p id=\"caption-attachment-62883\" class=\"wp-caption-text\">Dependency check Sample report<\/p><\/div>\n<h2><strong>4. Grype Image Scanner<\/strong><\/h2>\n<p>Grype is a simple tool and library that scans container images and filesystems and generates reports on detected vulnerabilities in software packages and libraries. 
Grype focuses on detecting vulnerabilities in application dependencies, very much like OWASP Dependency-Check, but specializes in containerized environments.<\/p>\n<h4><strong>Steps to install &amp; Integrate:<\/strong><\/h4>\n<p>Run the following command:<\/p>\n<pre>curl -sSfL https:\/\/raw.githubusercontent.com\/anchore\/grype\/main\/install.sh | sh -s -- -b \/usr\/local\/bin<\/pre>\n<p>Add the following command to your Jenkins pipeline:<\/p>\n<pre>grype $IMAGE_NAME:$IMAGE_TAG &gt; grype-report.txt<\/pre>\n<ul>\n<li>$IMAGE_NAME:$IMAGE_TAG is the name and tag of the image that you want to scan<\/li>\n<\/ul>\n<p>If the &#8220;grype&#8221; command is not found, you can replace it with &#8220;\/usr\/local\/bin\/grype&#8221;.<\/p>\n<div id=\"attachment_62886\" style=\"width: 635px\" class=\"wp-caption alignnone\"><img aria-describedby=\"caption-attachment-62886\" decoding=\"async\" loading=\"lazy\" class=\"wp-image-62886 size-large\" src=\"https:\/\/www.tothenew.com\/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.57.40\u202fPM-1024x677.png\" alt=\"Grype Sample Report\" width=\"625\" height=\"413\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.57.40\u202fPM-1024x677.png 1024w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.57.40\u202fPM-300x198.png 300w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.57.40\u202fPM-768x508.png 768w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.57.40\u202fPM-1536x1016.png 1536w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.57.40\u202fPM-2048x1355.png 2048w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-08-at-2.57.40\u202fPM-624x413.png 624w\" sizes=\"(max-width: 625px) 100vw, 625px\" \/><p id=\"caption-attachment-62886\" class=\"wp-caption-text\">Grype Sample Report<\/p><\/div>\n<p><strong>Note<\/strong>: Grype is resource-heavy and may crash the server while scanning. 
If this happens, consider using Trivy, Clair, or AWS ECR for scanning images as a replacement if possible.<\/p>\n<p>&nbsp;<\/p>\n<p><strong><span style=\"text-decoration: underline;\">Sample Execution:<\/span><\/strong><\/p>\n<p>&nbsp;<\/p>\n<div id=\"attachment_63617\" style=\"width: 635px\" class=\"wp-caption alignnone\"><img aria-describedby=\"caption-attachment-63617\" decoding=\"async\" loading=\"lazy\" class=\"wp-image-63617 size-large\" src=\"https:\/\/www.tothenew.com\/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-30-at-3.20.08\u202fPM-1024x466.png\" alt=\"Sample Execution\" width=\"625\" height=\"284\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-30-at-3.20.08\u202fPM-1024x466.png 1024w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-30-at-3.20.08\u202fPM-300x137.png 300w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-30-at-3.20.08\u202fPM-768x350.png 768w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-30-at-3.20.08\u202fPM-1536x699.png 1536w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-30-at-3.20.08\u202fPM-2048x933.png 2048w, \/blog\/wp-ttn-blog\/uploads\/2024\/07\/Screenshot-2024-07-30-at-3.20.08\u202fPM-624x284.png 624w\" sizes=\"(max-width: 625px) 100vw, 625px\" \/><p id=\"caption-attachment-63617\" class=\"wp-caption-text\">Sample Execution<\/p><\/div>\n<div id=\"attachment_64620\" style=\"width: 931px\" class=\"wp-caption alignnone\"><img aria-describedby=\"caption-attachment-64620\" decoding=\"async\" loading=\"lazy\" class=\"wp-image-64620 size-full\" src=\"https:\/\/www.tothenew.com\/blog\/wp-ttn-blog\/uploads\/2024\/08\/blog2.png\" alt=\"Artifacts sent via mail\" width=\"921\" height=\"467\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2024\/08\/blog2.png 921w, \/blog\/wp-ttn-blog\/uploads\/2024\/08\/blog2-300x152.png 300w, \/blog\/wp-ttn-blog\/uploads\/2024\/08\/blog2-768x389.png 768w, \/blog\/wp-ttn-blog\/uploads\/2024\/08\/blog2-624x316.png 624w\" 
sizes=\"(max-width: 921px) 100vw, 921px\" \/><p id=\"caption-attachment-64620\" class=\"wp-caption-text\">Artifacts sent via mail<\/p><\/div>\n<pre>archiveArtifacts artifacts: '*.html,*.json,*.txt', fingerprint: true\r\nemailext (\r\nsubject: \"Build Artifacts for ${JOB_NAME} #${BUILD_NUMBER}\",\r\nbody: \"\"\"&lt;p&gt;Hi Team,&lt;\/p&gt;\r\n&lt;p&gt;Attached are the Gitleaks, Grype and OWASP Dependency-Check reports from the latest build.&lt;\/p&gt;\r\n&lt;p&gt;For the SonarQube report, please visit &lt;your sonar link&gt;&lt;\/p&gt;\r\n&lt;p&gt;Build Details:&lt;br&gt;\r\nJob: ${JOB_NAME}&lt;br&gt;\r\nBuild: #${BUILD_NUMBER}&lt;br&gt;\r\nBuild URL: ${BUILD_URL}&lt;\/p&gt;\r\n\"\"\",\r\nto: 'youremail@domain.com', \r\nattachmentsPattern: \"**\/dependency-check-report.json,**\/dependency-check-report.html,**\/gitleaks-report.json,**\/grype-report.txt\",\r\nmimeType: 'text\/html'\r\n)\r\ncleanWs()<\/pre>\n<p style=\"text-align: left;\"><em>(Pipeline snippet for archiving the reports, sending the email notification and cleaning the workspace)<\/em><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Conclusion<\/strong><\/h2>\n<p>DevSecOps ensures that software is secure and trusted all the way through its development. Tools like Gitleaks, SonarQube, OWASP Dependency-Check, and Grype help organizations catch and reduce security vulnerabilities before deployment, considerably lowering the risk of a breach and improving overall system security.<\/p>\n<p>Gitleaks prevents sensitive information from getting into version control systems by mistake. SonarQube provides full code quality analysis, detecting bugs, code smells, and security vulnerabilities to ensure a cleaner and safer codebase. OWASP Dependency-Check scans project dependencies for known vulnerabilities, adding a valuable layer of security by ensuring that libraries and frameworks are safe to use in a project. Grype, finally, specializes in scanning container images and file systems for vulnerabilities. 
These tools can be automated as part of a Jenkins CI\/CD pipeline, allowing continuous monitoring and fast remediation of potential security issues. This approach not only improves the security posture of an organization but also fosters a culture of security awareness among developers and other teams.<\/p>\n<p>A DevSecOps strategy built with these or other security tools ensures that security is not treated as an afterthought in the software development process but is built into the core of developing more secure and resilient applications.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Basically, DevSecOps can be thought of as integrated security practices with DevOps; requiring a variety of tools to ensure security throughout the software development lifecycle. Often, we unknowingly add details to our code or use compromised packages, leading to potential breaches in our system. 
To mitigate this, we use various DevSecOps tools to ensure [&hellip;]<\/p>\n","protected":false},"author":1805,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":40},"categories":[5877],"tags":[1892],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/62862"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/1805"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=62862"}],"version-history":[{"count":18,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/62862\/revisions"}],"predecessor-version":[{"id":65028,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/62862\/revisions\/65028"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=62862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=62862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=62862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}