Posts in: DevSecOps

Is DevSecOps a Thing...? Or, What is DevSecOps?

https://www.youtube.com/watch?v=27kCIHeZtTU&list=PLAdzTan_eSPRNuA52_34wh5VTBC-0Rz7U&index=2&t=50s

This is a 10 minute overview of what I think DevSecOps is, has become, etc. It was originally for an IDC Nordic conference. Here's the transcript, apologies for the time codes:

Introduction - DevSecOps?

Well, thanks for having me here. I've been trying to figure out what DevSecOps means for a little bit, and I think I've finally settled on three things that it is. So what I want to do is go over what those things are, and also relate it a little bit to what DevOps is and why it's actually kind of justified to use that infix of DevSecOps.



What is DevSecOps? Part Two: Automating Verification and Guardrails

https://www.youtube.com/watch?v=K9fVZU-e2Gk&list=PLAdzTan_eSPRNuA52_34wh5VTBC-0Rz7U&index=1

What is DevSecOps? Here's part two of what I think it is: actual new tools you can use when it comes to verifying/trusting what's in your apps and putting out guardrails for developers. Plus, some repaving for you 3 R's OGs. Check out my write-up for what the other two are, and more details. Also, here's part one. Here is the transcript:



What is DevSecOps? Part One: A Secure Software Supply Chain

https://www.youtube.com/watch?v=0fRYNaeGW_k&list=PLAdzTan_eSPRNuA52_34wh5VTBC-0Rz7U&index=3

I've been trying to figure out what exactly the Sec in DevSecOps is for a couple years or so, and I think I've got something. Three things in fact. Keep in mind that DevSecOps isn't all of security, it's just a small subset that focuses on the software you write and run. Anyhow, here's the first: a "secure software supply chain."




What is DevSecOps?

In this longer blog post, I go over how I've finally come to think about what DevSecOps is. A summary of what the post covers:

1. A secure software supply chain - This is a fancy way of saying "we know all the components that went into building and deploying this software and trust those components." It also includes the actual CI/CD pipeline that you trust and that's resistant to third parties injecting malicious code, as we've seen happen in recent years.



@cote@hachyderm.io, @cote@cote.io, @cote