Skip to main content

An introduction to DevSecOps

An illustration of a school, next to an illustration of Bit the Raccoon.

Security is a key part of DevOps. But how does a team know it’s secure? Is it ever really possible to deliver a completely secure service?

Unfortunately, the answer is no. DevSecOps is a continuous and ongoing effort that requires the attention of everyone on the team. While the job is never truly done, the practices teams employ to prevent and handle breaches produce systems that are as secure and resilient as possible.

Teams that don’t have a formal DevSecOps strategy are encouraged to begin the planning as soon as possible. At first there may be some resistance from team members who don’t fully appreciate the threats that exist. Others may not feel that the team is equipped to face the problem and that any special investment would be a wasteful distraction from shipping features. However, it’s necessary to begin the conversation to build consensus as to the nature of the risks, how the team can mitigate them, and whether the team needs resources they don’t currently have.

Resources

Get started with DevSecOps

With Microsoft Learn, you can kick off your journey into DevSecOps with easy to understand training – and best of all, it’s free! This is the perfect way to work through new software.

Learn more about DevSecOps

Already using DevSecOps and want to go further? Whether it’s learning something new within DevSecOps or becoming certified, there’s plenty more to explore and discover.

Further resources