Secure DevOps is a practice (cultural principles, approaches, and means) for ensuring safe software development and release of IT products. It includes a set of organizational measures (building Dev and Ops processes, approval of changes, documentation, separation of duties, etc.) and technical elements (design and implementation, automatic and manual code testing, verification of the threat model, etc.) aimed at creating a high-quality, safe, convenient, functional product.

Security requirements apply to the entire hierarchy of objects that make up the DevOps environment "Development - Delivery / Integration - Release":

  • Continuous integration

  • Continuous delivery

  • Microservices

  • Business processes organized as "Infrastructure as Code"

  • Permanent monitoring and logging

  • Communication, sharing and collaboration

The technology stack is built from modern tools:

  • Containerization and Orchestration Systems - Docker, Kubernetes, Swarm

  • Integration - Jenkins, TeamCity, Bamboo

  • Infrastructure Management - Ansible, Chef, Puppet

  • Monitoring and measurement - ELK, Kibana, Prometheus

  • Platforms - Linux OS (Debian-based and RHEL-based), DB (MongoDB, MySQL)

  • Image Management - Vagrant, Terraform

  • Repositories - GitLab, GitHub, Bitbucket

  • Bug Tracking and Task Management - Jira, Confluence

  • Log Monitoring - Elastic, Splunk

  • Balancing and Failover - Pacemaker, Corosync, HAProxy

  • Code Analysis - Sonar, Checkmarx CxSAST, Fortify Static

  • CND - VLAN, VPC, DMZ

  • Queue Brokers - RabbitMQ, Redis, Memcached

  • Collaboration - Slack, HipChat, Zoom, Google Link