From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Security in the deploy phase

Security in the deploy phase

From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline

Start my 1-month free trial

Security in the deploy phase

- [Instructor] The deploy phase is where software moves from testing to where the customers area able to operate it for the very first time. When we're doing full continuous delivery this might happen several times a day. At my company we move code to production 10 to 15 times a day on average. The speed at which we move new features to production is a radical departure from where the industry was a decade ago, with mostly waterfall being used for software delivery lifecycle. There's a need to do security at the same speed as all these deploys. There are two major categories of security issues faced at the deploy phase. First, securing the actual deployment. By that I mean accountability and audit ability of the deployment. Knowing what code went out, who wrote it, who authorized it and logging for all of that, which needs to be tamper proof. The second category is compliance. Often compliance will try to put road blocks in place for continuous delivery. It's important to bring them…

Contents