{"id":53953,"date":"2020-08-13T10:51:41","date_gmt":"2020-08-13T17:51:41","guid":{"rendered":"https:\/\/github.blog\/?p=53953"},"modified":"2021-02-23T16:57:18","modified_gmt":"2021-02-24T00:57:18","slug":"secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops","status":"publish","type":"post","link":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/","title":{"rendered":"Secure at every step: A guide to DevSecOps, shifting left, and GitOps"},"content":{"rendered":"<p><span style=\"font-weight: 400\">DevSecOps, shifting left, and GitOps: you\u2019ve probably heard all of these terms recently, but you might not be sure about what they mean. The reality is that these practices share a lot of the same principles\u2014to reduce the time developers need to spend on security, while achieving better outcomes. And who doesn\u2019t want that? Let\u2019s clear up some confusion and deconstruct what these terms mean, and how they apply to your security and development teams.<\/span><\/p>\n<h3 id=\"what-is-devsecops-applying-devops-principles-to-security\"><a class=\"heading-link\" href=\"#what-is-devsecops-applying-devops-principles-to-security\"><span style=\"font-weight: 400\">What is <a href=\"https:\/\/resources.github.com\/whitepapers\/Architects-guide-to-DevOps\/\">DevSecOps<\/a>: Applying DevOps principles to security<\/span><span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h3>\n<p><span style=\"font-weight: 400\">DevOps is an increasingly popular trend in recent years\u2014a shift that makes developers more accountable for operational issues. The idea is that when a system goes down, it\u2019s everyone\u2019s responsibility to fix it. And so is preventing outages to begin with. 
Rather than separating development and operations, DevOps posits that the responsibility for these functions is joint, between all parties that write, ship, and manage that code.<\/span><\/p>\n<p><b>The same mindset shift you\u2019ve seen in the industry generally with a move towards DevOps has also been felt within security specifically. It\u2019s commonly called <\/b><b><i>DevSecOps<\/i><\/b><b>.<\/b><span style=\"font-weight: 400\"> This is about making all parties who are part of the application development lifecycle accountable for the security of the application, just as they are accountable for operations and supportability.<\/span><\/p>\n<p><span style=\"font-weight: 400\">So what\u2019s the difference between DevOps and DevSecOps? In the first, everyone becomes accountable for outages, even if they don\u2019t manage the infrastructure. In the second, everyone becomes accountable for vulnerabilities, even if they didn\u2019t write the software. Just like the business goal of DevOps is fewer outages, the business goal of DevSecOps is no data loss (which is also aided by fewer outages\u2014availability is part of the <\/span><a href=\"https:\/\/en.wikipedia.org\/wiki\/Information_security#Key_concepts\"><span style=\"font-weight: 400\">CIA triad<\/span><\/a><span style=\"font-weight: 400\">, after all). DevSecOps addresses the concern of development teams not satisfactorily addressing security requirements.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Not everyone likes the term DevSecOps, though. And it\u2019s not just because the order is confusing, but because it makes security seem special. The reality is every function should be tightly integrated this way, at every step in the development process. 
<\/span><i><span style=\"font-weight: 400\">Continuous security<\/span><\/i><span style=\"font-weight: 400\"> draws a parallel to continuous integration and continuous delivery: you should continuously integrate security into your development process as well.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Since this is a mindset shift, there\u2019s no canonical list of practices, but rather the principal change is to apply security practices earlier in the development lifecycle.<\/span><\/p>\n<h3 id=\"practicing-devsecops-shifting-left-allows-development-teams-to-implement-controls-earlier-including-security-controls\"><a class=\"heading-link\" href=\"#practicing-devsecops-shifting-left-allows-development-teams-to-implement-controls-earlier-including-security-controls\"><span style=\"font-weight: 400\">Practicing DevSecOps: Shifting left allows development teams to implement controls earlier, including security controls<\/span><span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h3>\n<p><span style=\"font-weight: 400\">In practice, to hold teams accountable for what they develop, processes need to <\/span><i><span style=\"font-weight: 400\">shift left<\/span><\/i><span style=\"font-weight: 400\"> to earlier in the development lifecycle, where development teams are. By moving steps like testing, including security testing, from a final gate at deployment time to an earlier step, fewer mistakes are made, and developers can move more quickly.<\/span><\/p>\n<p><b>The principles of shifting left also apply to security, not only to operations.<\/b> <b>It\u2019s critical to prevent breaches before they can affect users, and to move quickly to address newly discovered security vulnerabilities and fix them<\/b><span style=\"font-weight: 400\">. Instead of security acting as a gate, integrating it into every step of the development lifecycle allows your development team to catch issues earlier. 
A developer-centric approach means they can stay in context and respond to issues as they code, not days later at deployment, or months later from a penetration test report.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Shifting left is a process change, but it isn\u2019t a single control or specific tool\u2014it\u2019s about making all of security more developer-centric, and giving developers security feedback where they are. In practice, developers work with code and in Git, so as a result, we\u2019re seeing more security controls being applied in Git.<\/span><\/p>\n<h3 id=\"managing-security-controls-consistently-gitops-uses-git-as-a-source-of-truth-for-your-environment\"><a class=\"heading-link\" href=\"#managing-security-controls-consistently-gitops-uses-git-as-a-source-of-truth-for-your-environment\"><span style=\"font-weight: 400\">Managing security controls consistently: GitOps uses Git as a source of truth for your environment<\/span><span class=\"heading-hash pl-2 text-italic text-bold\" aria-hidden=\"true\"><\/span><\/a><\/h3>\n<p><i><span style=\"font-weight: 400\">GitOps<\/span><\/i><span style=\"font-weight: 400\"> capitalizes (literally) on the trend of thinking about everything in your environment as code. Sure, GitOps is infrastructure as code. But it\u2019s also configuration as code, policy as code, and anything else you can think of as code. (Well, not anything. Don\u2019t keep secrets in code. You thought your secrets were safe? You were wrong.)<\/span><\/p>\n<p><span style=\"font-weight: 400\">In contrast to DevSecOps and shifting left, which are mindset and process changes, GitOps is more prescriptive in terms of its implementation. 
GitOps is the system of using Git as a source of truth for your environment, and using properties of Git like history and review tools to manage how you make changes to that source of truth.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">It\u2019s also what you built on top of your code, to make deployments as automated and error-free as possible. With GitOps, you can push a change to code and review the change as part of your Git workflow, and then use automation to do all the hard stuff of deploying, monitoring, and adjusting live changes in production.<\/span><\/p>\n<p><b>GitOps is the system that best supports the ideals laid out in DevOps, and specifically in DevSecOps. <\/b><span style=\"font-weight: 400\">It allows you to separate deployments from development, so you can deploy as often as you want. We know from the <\/span><a href=\"https:\/\/www.devops-research.com\/research.html\"><span style=\"font-weight: 400\">DORA State of DevOps reports<\/span><\/a><span style=\"font-weight: 400\"> that developers can move faster when they have version control, continuous integration, test automation, and other tooling that\u2019s available with Git.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">In DevOps, this matters specifically with mean time to recovery (MTTR) to respond after an outage. In DevSecOps, this matters with mean time to remediate (conveniently, also MTTR). Having version control means you know what\u2019s in your environment: you know if you need to upgrade, and if you\u2019re susceptible to a vulnerability. Having sufficient testing in place means you can very quickly deploy a fix, like a patch, knowing it won\u2019t break your infrastructure.<\/span><\/p>\n<p><span style=\"font-weight: 400\">By using Git, you have a single source of truth for your infrastructure, configurations, and applications. And by extension, a single process to make changes. 
You can implement necessary controls and gates on this process to make sure you meet any security needs you have for your development pipeline, and having a consistent development process allows you to shift left by verifying security requirements earlier, at code (or config) check-in, or build time, not just deployment time.<\/span><\/p>\n<p><span style=\"font-weight: 400\">To summarize, DevSecOps is the mindset shift to recognize and continuously apply security practices as part of the development lifecycle, with responsibilities shared across teams. This is frequently accompanied by shifting security testing left to earlier in the lifecycle as part of development. This keeps security\u2014and developers\u2014in the flow and in context, allowing security issues to be addressed earlier. And, by using Git as a source of truth for your environment, you can more easily apply these principles not only to your code, but also to everything <\/span><i><span style=\"font-weight: 400\">around<\/span><\/i><span style=\"font-weight: 400\"> your code, like your configurations. There\u2019s no one way to apply these concepts, but rather, they are an acknowledgement that security is an increasingly important and integral part of your development workflow today.<\/span><\/p>\n<p><span style=\"font-weight: 400\">By empowering all developers to take responsibility for security, performing security testing earlier in your development lifecycle, and using Git, you can help your development teams find and remediate security issues faster. In future blog posts, we\u2019ll also break down what this means for your first- and third-party code.<\/span><\/p>\n<hr \/>\n<p><i><span style=\"font-weight: 400\">Looking for more easy ways to keep your code secure? 
Stay tuned for upcoming posts in this series or <\/span><\/i><a href=\"https:\/\/resources.github.com\/whitepapers\/Application-security-guide\/?utm_source=github&amp;utm_medium=blog&amp;utm_campaign=security_campaign_q1&amp;utm_content=ApplicationSecurityEbook\"><i><span style=\"font-weight: 400\">check out our security ebook.<\/span><\/i><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When developers share the responsibility of security, perform security testing earlier in your development lifecycle, and use Git as a source of truth, you can help your development teams find and remediate security issues faster.<\/p>\n","protected":false},"author":1807,"featured_media":53898,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_gh_post_show_toc":"","_gh_post_is_no_robots":"","_gh_post_is_featured":"","_gh_post_is_excluded":"","_gh_post_is_unlisted":"","_gh_post_related_link_1":"","_gh_post_related_link_2":"","_gh_post_related_link_3":"","_gh_post_sq_img":"","_gh_post_sq_img_id":"","_gh_post_cta_title":"","_gh_post_cta_text":"","_gh_post_cta_link":"","_gh_post_cta_button":"","_gh_post_recirc_hide":"","_gh_post_recirc_col_1":"","_gh_post_recirc_col_2":"","_gh_post_recirc_col_3":"","_gh_post_recirc_col_4":"","_featured_video":"","_gh_post_additional_query_params":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false,"_links_to":"","_links_to_target":""},"categories":[3318,3313],"tags":[],"coauthors":[],"class_list":["post-53953","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devsecops","category-enterprise-software"],"yoast_head":"<!-- This site is optimized 
with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>What is DevSecOps? Secure at every step: DevSecOps Defined<\/title>\n<meta name=\"description\" content=\"DevSecOps is the philosophy of automating security practices within the DevOps process. With DevSecOps, shifting left, and GitOps, GitHub fosters the &#039;Security as Code&#039; culture between engineers and security teams.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure at every step: A guide to DevSecOps, shifting left, and GitOps\" \/>\n<meta property=\"og:description\" content=\"When developers share the responsibility of security, perform security testing earlier in your development lifecycle, and use Git as a source of truth, you can help your development teams find and remediate security issues faster.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/\" \/>\n<meta property=\"og:site_name\" content=\"The GitHub Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-08-13T17:51:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-02-24T00:57:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/github.blog\/wp-content\/uploads\/2020\/08\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta 
name=\"author\" content=\"Maya Kaczorowski\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Secure at every step: A guide to DevSecOps, shifting left, and GitOps\" \/>\n<meta name=\"twitter:description\" content=\"When developers share the responsibility of security, perform security testing earlier in your development lifecycle, and use Git as a source of truth, you can help your development teams find and remediate security issues faster.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/github.blog\/wp-content\/uploads\/2020\/08\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Maya Kaczorowski\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\\\/\"},\"author\":{\"name\":\"Maya Kaczorowski\",\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/5b9e90adf3e2207ad5a7b541ba5714b3\"},\"headline\":\"Secure at every step: A guide to DevSecOps, shifting left, and 
GitOps\",\"datePublished\":\"2020-08-13T17:51:41+00:00\",\"dateModified\":\"2021-02-24T00:57:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\\\/\"},\"wordCount\":1226,\"image\":{\"@id\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630\",\"articleSection\":[\"DevSecOps\",\"Enterprise software\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\\\/\",\"url\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\\\/\",\"name\":\"What is DevSecOps? Secure at every step: DevSecOps Defined\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/github.blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630\",\"datePublished\":\"2020-08-13T17:51:41+00:00\",\"dateModified\":\"2021-02-24T00:57:18+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/5b9e90adf3e2207ad5a7b541ba5714b3\"},\"description\":\"DevSecOps is the philosophy of automating security practices within the DevOps process. 
With DevSecOps, shifting left, and GitOps, GitHub fosters the 'Security as Code' culture between engineers and security teams.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\\\/#primaryimage\",\"url\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630\",\"contentUrl\":\"https:\\\/\\\/github.blog\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630\",\"width\":1200,\"height\":630,\"caption\":\"defining devsecops, devops, and gitops\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/github.blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Enterprise software\",\"item\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"DevSecOps\",\"item\":\"https:\\\/\\\/github.blog\\\/enterprise-software\\\/devsecops\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Secure at every step: A guide to DevSecOps, shifting left, and GitOps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/github.blog\\\/#website\",\"url\":\"https:\\\/\\\/github.blog\\\/\",\"name\":\"The GitHub 
Blog\",\"description\":\"Updates, ideas, and inspiration from GitHub to help developers build and design software.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/github.blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/github.blog\\\/#\\\/schema\\\/person\\\/5b9e90adf3e2207ad5a7b541ba5714b3\",\"name\":\"Maya Kaczorowski\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0caa9667d4c52e910619627e9a8c12b82711d08c93c41bef12d6d6cabcaacd57?s=96&d=mm&r=gc1ea47a6cdabca177d6a83c6a8fefdb6\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0caa9667d4c52e910619627e9a8c12b82711d08c93c41bef12d6d6cabcaacd57?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/0caa9667d4c52e910619627e9a8c12b82711d08c93c41bef12d6d6cabcaacd57?s=96&d=mm&r=g\",\"caption\":\"Maya Kaczorowski\"},\"url\":\"https:\\\/\\\/github.blog\\\/author\\\/mayakacz\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"What is DevSecOps? Secure at every step: DevSecOps Defined","description":"DevSecOps is the philosophy of automating security practices within the DevOps process. 
With DevSecOps, shifting left, and GitOps, GitHub fosters the 'Security as Code' culture between engineers and security teams.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/","og_locale":"en_US","og_type":"article","og_title":"Secure at every step: A guide to DevSecOps, shifting left, and GitOps","og_description":"When developers share the responsibility of security, perform security testing earlier in your development lifecycle, and use Git as a source of truth, you can help your development teams find and remediate security issues faster.","og_url":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/","og_site_name":"The GitHub Blog","article_published_time":"2020-08-13T17:51:41+00:00","article_modified_time":"2021-02-24T00:57:18+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/github.blog\/wp-content\/uploads\/2020\/08\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630","type":"image\/png"}],"author":"Maya Kaczorowski","twitter_card":"summary_large_image","twitter_title":"Secure at every step: A guide to DevSecOps, shifting left, and GitOps","twitter_description":"When developers share the responsibility of security, perform security testing earlier in your development lifecycle, and use Git as a source of truth, you can help your development teams find and remediate security issues faster.","twitter_image":"https:\/\/github.blog\/wp-content\/uploads\/2020\/08\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630","twitter_misc":{"Written by":"Maya Kaczorowski","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/#article","isPartOf":{"@id":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/"},"author":{"name":"Maya Kaczorowski","@id":"https:\/\/github.blog\/#\/schema\/person\/5b9e90adf3e2207ad5a7b541ba5714b3"},"headline":"Secure at every step: A guide to DevSecOps, shifting left, and GitOps","datePublished":"2020-08-13T17:51:41+00:00","dateModified":"2021-02-24T00:57:18+00:00","mainEntityOfPage":{"@id":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/"},"wordCount":1226,"image":{"@id":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/#primaryimage"},"thumbnailUrl":"https:\/\/github.blog\/wp-content\/uploads\/2020\/08\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630","articleSection":["DevSecOps","Enterprise software"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/","url":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/","name":"What is DevSecOps? 
Secure at every step: DevSecOps Defined","isPartOf":{"@id":"https:\/\/github.blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/#primaryimage"},"image":{"@id":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/#primaryimage"},"thumbnailUrl":"https:\/\/github.blog\/wp-content\/uploads\/2020\/08\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630","datePublished":"2020-08-13T17:51:41+00:00","dateModified":"2021-02-24T00:57:18+00:00","author":{"@id":"https:\/\/github.blog\/#\/schema\/person\/5b9e90adf3e2207ad5a7b541ba5714b3"},"description":"DevSecOps is the philosophy of automating security practices within the DevOps process. With DevSecOps, shifting left, and GitOps, GitHub fosters the 'Security as Code' culture between engineers and security teams.","breadcrumb":{"@id":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/#primaryimage","url":"https:\/\/github.blog\/wp-content\/uploads\/2020\/08\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630","contentUrl":"https:\/\/github.blog\/wp-content\/uploads\/2020\/08\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630","width":1200,"height":630,"caption":"defining devsecops, devops, and 
gitops"},{"@type":"BreadcrumbList","@id":"https:\/\/github.blog\/enterprise-software\/devsecops\/secure-at-every-step-a-guide-to-devsecops-shifting-left-and-gitops\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/github.blog\/"},{"@type":"ListItem","position":2,"name":"Enterprise software","item":"https:\/\/github.blog\/enterprise-software\/"},{"@type":"ListItem","position":3,"name":"DevSecOps","item":"https:\/\/github.blog\/enterprise-software\/devsecops\/"},{"@type":"ListItem","position":4,"name":"Secure at every step: A guide to DevSecOps, shifting left, and GitOps"}]},{"@type":"WebSite","@id":"https:\/\/github.blog\/#website","url":"https:\/\/github.blog\/","name":"The GitHub Blog","description":"Updates, ideas, and inspiration from GitHub to help developers build and design software.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/github.blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/github.blog\/#\/schema\/person\/5b9e90adf3e2207ad5a7b541ba5714b3","name":"Maya Kaczorowski","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/0caa9667d4c52e910619627e9a8c12b82711d08c93c41bef12d6d6cabcaacd57?s=96&d=mm&r=gc1ea47a6cdabca177d6a83c6a8fefdb6","url":"https:\/\/secure.gravatar.com\/avatar\/0caa9667d4c52e910619627e9a8c12b82711d08c93c41bef12d6d6cabcaacd57?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0caa9667d4c52e910619627e9a8c12b82711d08c93c41bef12d6d6cabcaacd57?s=96&d=mm&r=g","caption":"Maya 
Kaczorowski"},"url":"https:\/\/github.blog\/author\/mayakacz\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/github.blog\/wp-content\/uploads\/2020\/08\/89543629-28be8c80-d7cf-11ea-9996-fac2427a4719.png?fit=1200%2C630","jetpack_shortlink":"https:\/\/wp.me\/pamS32-e2d","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/53953","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/users\/1807"}],"replies":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/comments?post=53953"}],"version-history":[{"count":7,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/53953\/revisions"}],"predecessor-version":[{"id":56404,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/posts\/53953\/revisions\/56404"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/media\/53898"}],"wp:attachment":[{"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/media?parent=53953"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/categories?post=53953"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/tags?post=53953"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/github.blog\/wp-json\/wp\/v2\/coauthors?post=53953"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}