Tag Archives: devsecops

DevSecOps Tools and Processes

Goal: Have an automated, auditable secure CI/CD environment where security controls are transparent to developers and users. To this end, I propose the following: Ensure development, QA, and production servers are configured identically but with different passwords. Ensure that secret information (API keys, passwords, AWS credentials, private  data, PII, etc.) is adequately protected at-rest and …