Dev Sec Ops Pipeline
A DevSecOps pipeline is a CI/CD pipeline that integrates automated security tooling and gates — such as static analysis, dependency scanning, secrets detection, and dynamic testing — directly into the build, test, and deployment process, so security checks run continuously alongside every code change rather than as a…
8 resources across 1 library
Glossary Terms(8)
Security Champion
A Security Champion is a developer or team member embedded within a product or engineering team who acts as a local advocate and first point of contact for sec…
Secure SDLC
Secure SDLC (Secure Software Development Lifecycle) is the practice of integrating security activities — threat modeling, secure coding standards, security tes…
DevSecOps Pipeline
A DevSecOps pipeline is a CI/CD pipeline that integrates automated security tooling and gates — such as static analysis, dependency scanning, secrets detection…
Shift-Left Security
Shift-left security is the practice of moving security activities — such as threat modeling, code review, and automated scanning — earlier ('left') in the soft…
Static Application Security Testing (SAST)
Static Application Security Testing (SAST) is a security testing technique that analyzes an application's source code, bytecode, or binaries without executing…
Dynamic Application Security Testing (DAST)
Dynamic Application Security Testing (DAST) is a security testing technique that probes a running application from the outside — sending crafted HTTP requests…
Interactive Application Security Testing (IAST)
Interactive Application Security Testing (IAST) is a security testing technique that uses an instrumentation agent running inside a live application to observe…
Runtime Application Self-Protection (RASP)
Runtime Application Self-Protection (RASP) is a security technology that runs inside a production application, monitoring its own execution in real time and au…