secure_software_development_fundamentals.md
Lines changed: 5 additions & 1 deletion
@@ -612,7 +612,7 @@ Many organizations want to deploy software/services more rapidly, and have adopt
* DevSecOps (also called SecDevOps) is DevOps, but specifically integrating security concerns into the development and operations process (Red Hat, [*What Is DevSecOps?*](https://www.redhat.com/en/topics/devops/what-is-devsecops))
-
* GitOps "is a way of implementing Continuous Deployment for cloud native applications. It focuses on a developer-centric experience when operating infrastructure, by using tools developers are already familiar with, including Git and Continuous Deployment tools. The core idea of GitOps is having a Git repository that always contains declarative descriptions of the infrastructure currently desired in the production environment and an automated process to make the production environment match the described state in the repository. If you want to deploy a new application or update an existing one, you only need to update the repository - the automated process handles everything else" per <https://www.gitops.tech/>. Similar definitions are "GitOps uses Git repositories as a single source of truth to deliver infrastructure as code." (Red Hat, [*What Is GitOps?*](https://www.redhat.com/en/topics/devops/what-is-gitops)) and "GitOps is an operational framework that takes DevOps best practices used for application development such as version control, collaboration, compliance, and CI/CD, and applies them to infrastructure automation." (GitLab, [*What is GitOps?*](https://about.gitlab.com/topics/gitops/)).[
+
* GitOps "is a way of implementing Continuous Deployment for cloud native applications. It focuses on a developer-centric experience when operating infrastructure, by using tools developers are already familiar with, including Git and Continuous Deployment tools. The core idea of GitOps is having a Git repository that always contains declarative descriptions of the infrastructure currently desired in the production environment and an automated process to make the production environment match the described state in the repository. If you want to deploy a new application or update an existing one, you only need to update the repository - the automated process handles everything else" per <https://www.gitops.tech/>. Similar definitions are "GitOps uses Git repositories as a single source of truth to deliver infrastructure as code." (Red Hat, [*What Is GitOps?*](https://www.redhat.com/en/topics/devops/what-is-gitops)) and "GitOps is an operational framework that takes DevOps best practices used for application development such as version control, collaboration, compliance, and CI/CD, and applies them to infrastructure automation." (GitLab, [*What is GitOps?*](https://about.gitlab.com/topics/gitops/)).
All these depend on automated tests and quality checks, and from a security perspective, what is critical is that tools to check for security vulnerabilities and potential security issues need to be integrated into those automated tests and quality checks. For example, you should ensure that tools are in your CI pipeline that check for various security issues, so that any security problems are detected early. Security tools that take a long time to run might be run in parallel but be used as a “gate” for CDE. We will discuss much more about tools to support security later in the course.
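Review bot: Removing the stray trailing `[` after the GitLab citation is the right fix; an unmatched `[` at the end of the bullet would have rendered as a literal bracket. One inconsistency remains in this bullet: the first quoted definition is attributed inline as `per <https://www.gitops.tech/>`, while the Red Hat and GitLab definitions get a titled citation, and this same change adds reference entries only for those two. Consider citing the gitops.tech definition in the same `(Author, [*Title*](url))` form and adding a matching entry to the references so every quoted definition here resolves to one.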
@@ -5832,6 +5832,8 @@ Gerrand, Andrew, *The Go Blog: Error handling and Go*, 2011 ([https://blog.golan
GitHub Security, *Password reset emails delivered to the wrong address*, 2016-07-05 ([https://bounty.github.com/researchers/jagracey.html](https://bounty.github.com/researchers/jagracey.html))
+
GitLab, *What is GitOps?* ([https://about.gitlab.com/topics/gitops/])
+
Gooding, Dan, *Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again*, Ars Technica, 2020-06-09 ([https://arstechnica.com/information-technology/2020/06/new-exploits-plunder-crypto-keys-and-more-from-intels-ultrasecure-sgx/](https://arstechnica.com/information-technology/2020/06/new-exploits-plunder-crypto-keys-and-more-from-intels-ultrasecure-sgx/))
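Review bot: The new GitLab entry's URL is not a working Markdown link: `([https://about.gitlab.com/topics/gitops/])` has the bracketed text but no `(target)` part, so it renders as literal square brackets instead of a hyperlink. The surrounding entries (the GitHub Security and Gooding lines in this hunk) use the `([url](url))` form; change the new line to `([https://about.gitlab.com/topics/gitops/](https://about.gitlab.com/topics/gitops/))` to match. The alphabetical placement between GitHub Security and Gooding is correct.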
Red Hat, *What Is DevSecOps?* ([https://www.redhat.com/en/topics/devops/what-is-devsecops](https://www.redhat.com/en/topics/devops/what-is-devsecops))
+
Red Hat, *What Is GitOps?* ([https://www.redhat.com/en/topics/devops/what-is-gitops])
+
Regehr, John, *A Guide to Undefined Behavior in C and C++ (Parts 1-3)*, 2010 ([http://blog.regehr.org/archives/213](http://blog.regehr.org/archives/213))
Reichel, Robert, *How we threat model*, 2020-09-02 ([https://github.blog/2020-09-02-how-we-threat-model/](https://github.blog/2020-09-02-how-we-threat-model/))
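Review bot: The new Red Hat *What Is GitOps?* entry has the same malformed link: `([https://www.redhat.com/en/topics/devops/what-is-gitops])` lacks the `(target)` part, whereas the adjacent Red Hat *What Is DevSecOps?* entry uses `([url](url))`. Change it to `([https://www.redhat.com/en/topics/devops/what-is-gitops](https://www.redhat.com/en/topics/devops/what-is-gitops))`. Ordering between the DevSecOps entry and Regehr keeps the list alphabetical.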