Securing CI/CD Pipelines with DevSecOps

Continuous integration and continuous delivery (CI/CD) provide seamless end-to-end integration for the software development and deployment process. In doing so, CI/CD lets developers spend more time writing code that improves the software's functionality, without having to worry about deployment.

Developers still face many security challenges, however. CI/CD can speed up the process, but it does not speed up security. With DevSecOps, though, it becomes possible to accelerate the delivery of security within the software. DevSecOps engineers try to operationalize most security controls as part of the software by introducing them as design constraints, which the CI/CD pipeline then checks without compromising the integrity of the controls.

Why DevSecOps?

As digital transformation grows, there is an urgent need for secure and reliable software; otherwise everything from architecture to delivery is at risk. Security breaches are now one of the biggest threats to companies and products.

DevSecOps promotes collaboration between development and security teams, so the product avoids a late-stage handover to the security team. Introducing security at the start of the process increases the product's value and quality. In fact, without DevSecOps the software might be deemed insecure at the last minute, leading to multiple costly iterations. With DevSecOps, security standards can be enforced directly in the pipeline, making the product more secure from the start.

Overall, DevSecOps ensures the product's credibility and agility in the market and earns consumers' trust.

DevSecOps in CI/CD

Open source software can contain many security vulnerabilities. Implementing DevSecOps practices in CI/CD therefore ensures continuity of secure software delivery.

Integrating automated security checks into the pipeline gives developers early warning of vulnerabilities and lets them monitor for security flaws or other defects. With an integrated, continuous approach to security, companies can scale while scaling their security and development processes.

In addition, unit tests and static code analysis run close to the source code and can run their checks without executing the code. Investing in security unit tests and static analyzers is therefore worthwhile, because it speeds up the lifecycle while detecting vulnerabilities quickly.

The future of DevSecOps and CI/CD pipelines

Given the many challenges of today's world, security is essential to staying ahead in the market. With DevSecOps, companies can keep accelerating their CI/CD pipelines while ensuring they are not affected by any vulnerabilities. Collaboration and communication between development and security teams is therefore essential and should not be overlooked.

With the rise of DevSecOps, security has become an important part of the continuous delivery process. Having both continuity and security ensures the best software delivery.

Original: https://www.devopsonline.co.uk/securing-the-ci-cd-pipelines-with-devsecops/