What is DevSecOps?
DevSecOps is the combination of "development", "operations", and "security". Traditionally, a company may have one team developing software and a separate cybersecurity team. In a DevSecOps model, many security activities are integrated into the software development lifecycle, usually through automated processes. The core concept is that security is everyone's responsibility and development teams are empowered to test earlier and enforce best practices.
DevSecOps vulnerability scanning
There are several types of vulnerability scans available to teams practicing DevSecOps:
- Static application security testing (SAST) - checks for vulnerable dependency libraries and insecure coding practices.
- Dynamic application security testing (DAST) - tests a live application for flaws such as cross-site scripting or SQL injection.
- Network vulnerability and port scans - scan for vulnerable software, such as insecure SSH or an outdated Apache web server, and for misconfigured firewall rules.
HostedScan's DevSecOps tools
HostedScan Security provides DAST scans, network scans, and port scans in a convenient SaaS application which can be integrated into any software development workflow via APIs and webhooks. HostedScan users have built integrations with GitHub Actions, CircleCI, Azure, AWS, and more!
[Screenshot: example API documentation]