What is DevSecOps?

DevSecOps is an evolution of the DevOps framework that is critical to IT modernization. The DevSecOps methodology integrates security throughout the entire software development lifecycle to enable teams to deliver secure, high-quality software faster than ever before. For modern applications, it ensures the contents of the containers and their distributed interactions in production are secure.

Why VMware for DevSecOps?

Improve Auditability & Control

Leverage container metadata from build processes and component validation.

Accelerate Deployment

Automate build processes from specified, known good components to remove friction.

Secure Communications & Data

Make intent-based decisions to authorize, block or quarantine access based on Common Vulnerability Scoring System (CVSS) scores.

Fix Vulnerabilities Faster

Rebuild containers with the latest updates automatically, without interrupting development teams.

Prioritize by Risk

With risk-prioritized vulnerability assessment, patch critical vulnerabilities first and shift focus to higher value activities.

Improve Operational Efficiency

Streamline operational tasks — like cluster provisioning and access management — and increase efficiency of operating multiple clusters.

Benefits of Integrating Development, Operations and Security

Develop Secure Software

Give your microservices built-in protection against top security risks and streamline integration with standard authentication protocols. For Java developers, Spring Security provides a comprehensive authentication and access-control framework.

Automate Container Builds

Get a centralized image build system to automate container builds and patching using standard operating system libraries and dependencies — no developer intervention needed.

Secure Application Building Blocks

Easily access public container registries with a curated catalog of secure, access-controlled images that are always up to date, validated and auditable. Images include verifiable proof of provenance for all libraries and binaries, delivered through auditable container metadata.

Secure the Full Container Lifecycle

Enable enterprise-grade container security at the speed of DevOps with continuous visibility, security and compliance for containerized applications from development to production — in any on-premises or public cloud environment.

Secure Applications in Production Across Clouds

Operationalize a DevSecOps approach with uniform policies and access controls across your Kubernetes estate. Add to that full-stack observability for visibility into the health and performance of workloads and clusters across clouds with actionable data.

Connect and Protect Your Apps

Meet your service-level objectives with consolidated Kubernetes ingress services to simplify cluster operation, and a service mesh with the authorization and encryption features needed to secure communications and protect data in transit.


Frequently Asked Questions (FAQ)

DevSecOps is DevOps with security included throughout the software lifecycle, enabling teams to deliver secure, high-quality software fast. For modern apps, it ensures the contents of the containers and their distributed interactions in production are secure.

DevOps is a set of software delivery practices instrumented through automation that remove manual steps and handoffs from development to operations, streamlining the path to production. With DevSecOps, security is baked into how software is developed, tested, built, deployed and run — removing delivery obstacles and mitigating risks. 

DevSecOps helps align development, operations, and security professionals on the goal of speedy software delivery while enhancing an organization’s security posture. With modern apps, automation is required to effectively integrate security throughout the container lifecycle while maintaining velocity.

Developers deliver containerized software at varied release cadences and use pre-packaged open source containers from various repositories, which can introduce security risk. One of the most important DevSecOps practices for Kubernetes is to create policies requiring that only approved software can run in production and to enforce those policies in an automated, transparent way.

DevSecOps automates delivery of secure software and ensures that apps can be performant and secure at scale when running in production. Modern apps require reliable, secure connectivity and the ability to scale quickly without disruption. A service mesh can provide app-level security controls, like traffic encryption and authorization policies, while enabling load balancing and autoscaling. 

VMware Products for DevSecOps

Tanzu Application Platform

Unlock developer productivity with a modular, application-aware platform that provides a rich set of developer tooling and a pre-paved path to production. Build and deploy software quickly and securely on any compliant public cloud or on-premises Kubernetes cluster.

Tanzu for Kubernetes Operations

Build a modern Kubernetes-based container infrastructure at scale with tools, automation, and insights that boost developer productivity, secure applications and data, and optimize infrastructure performance across all of your clouds.

Tanzu Labs

Learn how to bake security into your platform while running at scale, and empower your developers to continually meet the needs of your business quickly, effectively and securely.

VMware Carbon Black Container

Enable continuous visibility, security and compliance for the full lifecycle of Kubernetes applications for any public cloud or on-premises deployment.

Related App Modernization Solutions

Modernize Existing Apps

Improve application performance by taking advantage of advances in cloud computing, app architecture and development processes.

Build Modern Apps and Microservices

Enhance security posture across all phases of the workload lifecycle, including developing new virtualized apps, automatically scaling and growing existing apps, and monitoring long-running workloads.

Consume Kubernetes Across Clouds

Make the best use of Kubernetes across environments — on premises, public cloud or edge — and deploy and operate with consistency.
