DevSecOps (Development, Security, and Operations) is an approach that integrates security from the start of the software development cycle rather than bolting it on at the end. It aims to automate security controls and embed secure practices throughout development, testing, deployment and operations.
The goal of DevSecOps is to detect and fix vulnerabilities as early as possible through a collaborative approach between developers, security teams and IT operations.
- Dev (Development): the software development teams responsible for building and updating applications and systems.
- Sec (Security): the security practices and tools integrated into the development process. This includes identifying and fixing vulnerabilities, automating security tests, managing access, etc.
- Ops (Operations): the IT operations teams responsible for deploying, running and maintaining applications and infrastructure in production.
🎯 Objectives
- Shift security left (Shift Left Security): integrate security as early as possible in the development cycle, so that vulnerabilities are found and fixed before they become costly or complex to resolve in production.
- Automate security: use automated tools and processes for security testing, configuration, monitoring and incident response, to speed up the development cycle and reduce human error.
- Make every team responsible: make security a responsibility shared by all teams (Dev, Sec, Ops) and promote a security culture within the organisation.
- Improve collaboration: promote communication and collaboration between development, security and operations teams, to improve the shared understanding of risks and respond more quickly to security issues.
- Speed up delivery: allow applications and systems to be delivered faster while maintaining a high level of security.
Examples of DevSecOps
1. Static analysis of source code (SAST)
👉 Example: A company uses SonarQube or Checkmarx to scan source code automatically for vulnerability patterns (SQL injection, XSS, data leaks) on every commit, before the code is ever run.
2. Automated security tests in the CI/CD pipeline
👉 Example: A development team integrates tools such as OWASP ZAP or Burp Suite into its GitHub Actions, GitLab CI/CD or Jenkins pipeline, so that dynamic tests run against a deployed test instance and the pipeline fails on findings before each deployment.
3. Scanning containers and Docker images
👉 Example: A company uses Trivy, Anchore or Clair to scan Docker images for vulnerable OS packages and application dependencies before the images are deployed to production.
4. Managing secrets and secure access
👉 Example: Instead of hard-coding API keys in the source code, a company stores secrets centrally in HashiCorp Vault or AWS Secrets Manager and injects them into the application at runtime, which also makes rotation possible without a code change.
5. Continuous monitoring and incident response
👉 Example: An organisation deploys Datadog Security Monitoring or Splunk to watch for suspicious activity in near real time and respond rapidly to threats.
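As an added example (not code from the page nor from any of the tools named above), here is a small Python pre-deploy gate of the kind items 2 to 4 describe: it refuses a change that contains a hard-coded secret, and refuses an image whose vulnerability scan reports fixable CRITICAL or HIGH findings. The file contents and the scan report are constructed for the example; the report uses only the subset of Trivy's JSON layout ("Results" with a "Vulnerabilities" list carrying VulnerabilityID, Severity and FixedVersion) that the gate reads, which is an assumption about the scanner's output, and the CVE-0000-* identifiers are placeholders, not real CVEs.

```python
"""Pre-deploy security gate (added example, not from any real pipeline).

Two checks a DevSecOps pipeline typically runs before a deploy:
  1. refuse to ship source files containing hard-coded secrets;
  2. refuse to ship an image whose vulnerability scan reports blocking findings.
The sample files and the scan report below are constructed for this example.
The report follows the subset of Trivy's JSON layout this gate needs
("Results" -> "Vulnerabilities" -> VulnerabilityID/Severity/FixedVersion);
that layout is an assumption, check it against your scanner's real output.
"""
import re
from typing import Dict, List, Tuple

# Patterns for secrets that must never be committed. The AWS rule matches the
# documented access-key-id format; the generic rule catches assignments such as
# password = "..." in source. Real tools (gitleaks, trufflehog) ship far more.
SECRET_PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded-credential": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"
    ),
}

Finding = Tuple[str, int, str]  # (path, line number, rule name)


def find_secrets(files: Dict[str, str]) -> List[Finding]:
    """Scan in-memory file contents and report every line matching a secret rule."""
    findings: List[Finding] = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in SECRET_PATTERNS.items():
                if pattern.search(line):
                    findings.append((path, lineno, rule))
    return findings


def blocking_vulnerabilities(report: dict, fail_on=("CRITICAL", "HIGH"),
                             ignore_unfixed: bool = True) -> List[dict]:
    """Return the findings in a Trivy-style report that should block a deploy.

    Unfixed findings are skipped by default: there is no action the team can
    take except accept the risk, and blocking on them only teaches people to
    bypass the gate. Set ignore_unfixed=False to see them as well.
    """
    blocking: List[dict] = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:  # key may be absent
            if vuln.get("Severity") not in fail_on:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            blocking.append({**vuln, "Target": result.get("Target")})
    return blocking


def gate(files: Dict[str, str], report: dict) -> bool:
    """True when the change may be deployed, False when either check fails."""
    secrets = find_secrets(files)
    vulns = blocking_vulnerabilities(report)
    for path, lineno, rule in secrets:
        print(f"BLOCK secret {rule} at {path}:{lineno}")
    for v in vulns:
        print(f"BLOCK {v['Severity']} {v['VulnerabilityID']} in {v['PkgName']} "
              f"{v['InstalledVersion']} (fix: {v.get('FixedVersion', 'none')}) "
              f"[{v['Target']}]")
    return not secrets and not vulns


# Constructed sample input: one file hard-codes a key (AKIAIOSFODNN7EXAMPLE is
# AWS's documented placeholder key id) and a password; the other reads the key
# from the environment, where the secrets manager injects it at runtime.
SAMPLE_FILES = {
    "app/config_bad.py": 'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\npassword = "hunter2hunter2"\n',
    "app/config_good.py": 'import os\nAWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]\n',
}

# Constructed scan report; the IDs are placeholders, not real CVEs.
SAMPLE_REPORT = {
    "Results": [
        {"Target": "registry.example/app:1.2.3 (debian 12)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
             "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
             "InstalledVersion": "2.1", "Severity": "HIGH"},  # no fix upstream yet
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libthird",
             "InstalledVersion": "0.9", "FixedVersion": "0.9.1", "Severity": "MEDIUM"},
        ]},
        {"Target": "app/requirements.txt"},  # scanned, nothing found
    ]
}

if __name__ == "__main__":
    ok = gate(SAMPLE_FILES, SAMPLE_REPORT)
    print("deploy allowed" if ok else "deploy blocked")
    raise SystemExit(0 if ok else 1)
```

Run as a pipeline step, the non-zero exit status is what fails the job; in a real pipeline the report would come from `trivy image --format json` and the files from the checked-out tree. The unfixed HIGH finding is deliberately not blocking: keep it visible in the output and track it, but reserve hard failures for findings the team can actually act on.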