BestHub
Sign in
Tag

DevSecOps

0 views collected around this technical thread.

Cloud Native Technology Community
Cloud Native Technology Community
Jun 13, 2025 · Cloud Native

CNAPP: The Key to Securing Cloud‑Native Applications from Containers to Lifecycle

This article examines the evolution of container security into comprehensive cloud‑native protection, explaining CNAPP concepts, technical roadmaps, industry challenges, and best‑practice recommendations for integrating security across the entire application lifecycle, while highlighting market trends and future directions.

CNAPPContainer SecurityDevSecOps
0 likes · 26 min read
CNAPP: The Key to Securing Cloud‑Native Applications from Containers to Lifecycle
Cloud Native Technology Community
Cloud Native Technology Community
Mar 6, 2025 · Information Security

Shift-Down Security: Embedding Security into Cloud‑Native Platforms

The article introduces the Shift‑Down Security model for Kubernetes, explaining how moving security controls into the platform complements Shift‑Left practices, reduces vulnerabilities and configuration errors, and enables collaborative, automated, and adaptive protection across development, operations, and security teams in cloud‑native environments.

DevSecOpsKubernetesPlatform Security
0 likes · 14 min read
Shift-Down Security: Embedding Security into Cloud‑Native Platforms
Efficient Ops
Efficient Ops
Dec 30, 2024 · Operations

How China’s Top Bank Secured Dual DevOps & DevSecOps Certifications

In 2024, China’s Bank of Communications became the first state-owned bank to earn dual certifications for ITU DevOps and domestic DevSecOps standards, showcasing advanced performance‑measurement, security, and continuous‑testing platforms that align with national information‑standard internationalization goals.

BankingTechnologyDevOpsDevSecOps
0 likes · 11 min read
How China’s Top Bank Secured Dual DevOps & DevSecOps Certifications
Efficient Ops
Efficient Ops
Dec 23, 2024 · Information Security

How China Pacific Insurance Earned Dual International & Domestic DevSecOps Certifications

China Pacific Insurance’s chief technology expert and senior security manager discuss how their flagship e‑commerce platform achieved the DevSecOps security delivery level‑2 assessment, the challenges faced, cultural and procedural changes implemented, and the measurable benefits of aligning with both ITU international and domestic standards.

Case StudyChinaDevSecOps
0 likes · 15 min read
How China Pacific Insurance Earned Dual International & Domestic DevSecOps Certifications
Efficient Ops
Efficient Ops
Dec 18, 2024 · Information Security

How China Pacific Insurance Achieved Advanced DevSecOps Certification and Boosted Security

China Pacific Insurance (CPIC) detailed its journey through the dual ITU DevOps international and domestic DevSecOps assessments, sharing the cultural, procedural, and technical practices that enabled it to attain a Level‑2 security delivery certification and elevate its overall risk management capabilities.

DevSecOpsIT governanceInsurance
0 likes · 16 min read
How China Pacific Insurance Achieved Advanced DevSecOps Certification and Boosted Security
Efficient Ops
Efficient Ops
Dec 18, 2024 · Information Security

How a Chinese Bank Won Top‑Tier DevSecOps Certification

The article details how China’s Bank of Communications achieved top‑tier DevSecOps certification under both the ITU international standard and China’s domestic DevOps maturity model, describing the assessment process, security tool improvements, interview insights, and the broader push for standardization and digital financial risk mitigation.

Bank of CommunicationsCAICTDevSecOps
0 likes · 11 min read
How a Chinese Bank Won Top‑Tier DevSecOps Certification
DevOps
DevOps
Nov 28, 2024 · Information Security

The Myths and Challenges of Security Left‑Shift in Software Development

This article examines the origins, questionable cost‑saving claims, and practical challenges of the security‑left‑shift movement, highlighting CISA’s skeptical report, the over‑reliance on tools, and the need for empirical research to validate security integration early in the software development lifecycle.

CISADevSecOpsSecurity
0 likes · 11 min read
The Myths and Challenges of Security Left‑Shift in Software Development
DevOps
DevOps
Nov 26, 2024 · Information Security

10 Best‑Practice Principles for Implementing a Secure Development Lifecycle (SDL)

This article outlines ten essential best‑practice principles for implementing a Secure Development Lifecycle (SDL), covering top‑down leadership, alignment with existing management systems, visualizable processes, security goal classification, componentized security capabilities, supply‑chain management, service‑oriented SDL, DevSecOps toolchains, continuous optimization, and staff training.

Best PracticesDevSecOpsSDL
0 likes · 17 min read
10 Best‑Practice Principles for Implementing a Secure Development Lifecycle (SDL)
DevOps Cloud Academy
DevOps Cloud Academy
Nov 11, 2024 · Information Security

Implementing a Secure Multi‑Language DevSecOps CI/CD Pipeline with Jenkins

This article details how to build a comprehensive DevSecOps CI/CD pipeline using Jenkins that integrates source control, SonarCloud, Snyk, Docker, Trivy, Kubernetes, and ZAP to automate building, testing, scanning, and deploying multi‑language applications securely and efficiently.

CI/CDDevSecOpsDocker
0 likes · 17 min read
Implementing a Secure Multi‑Language DevSecOps CI/CD Pipeline with Jenkins
Bilibili Tech
Bilibili Tech
Aug 2, 2024 · Information Security

Security Development Lifecycle (SDL) at Bilibili: Implementation, Data Lifecycle Security, and DevSecOps

At Bilibili, the security team adapted Microsoft’s Security Development Lifecycle by establishing capability practices such as training, threat modeling, secure coding, and component scanning, integrating these processes into development pipelines through dedicated business partners, extending protection to the full data lifecycle, and evolving toward automated DevSecOps with in‑pipeline DAST and a custom vulnerability management platform.

DASTDevSecOpsSDL
0 likes · 15 min read
Security Development Lifecycle (SDL) at Bilibili: Implementation, Data Lifecycle Security, and DevSecOps
Efficient Ops
Efficient Ops
Apr 25, 2024 · Information Security

How China Agricultural Bank Achieved National‑Level DevSecOps Excellence Across Five Projects

China Agricultural Bank’s five key projects—including a unified encryption platform, mobile note app, WeChat credit‑card service, open‑banking gateway, and IoT operation module—successfully passed the CAICT DevSecOps Level‑2 assessment, demonstrating advanced security capabilities and offering valuable insights into large‑scale DevSecOps implementation.

Case StudyDevOpsDevSecOps
0 likes · 16 min read
How China Agricultural Bank Achieved National‑Level DevSecOps Excellence Across Five Projects
DevOps
DevOps
Jan 9, 2024 · Fundamentals

Top 10 Software Development Trends for 2024

2024 will see software development transformed by quantum computing integration, edge‑IoT synergy, blockchain beyond cryptocurrency, responsible AI practices, AR/VR convergence, DevSecOps security embedding, continued containerization and serverless adoption, progressive web apps, test automation, and cloud‑native multi‑cloud strategies, reshaping how engineers build and deploy applications.

2024AI ethicsDevSecOps
0 likes · 9 min read
Top 10 Software Development Trends for 2024
Efficient Ops
Efficient Ops
Jan 8, 2024 · Information Security

How a Securities Firm Built a 100‑Day DevSecOps Prototype

At the 21st GOPS Global Operations Conference in Shanghai, Shenwan Hongyuan Securities' application security lead Wang Biansi detailed a step‑by‑step 100‑day journey to create a DevSecOps sample room, covering goal setting, research, platform design, tool integration, and security training.

DevSecOpsOperationsSecurity Automation
0 likes · 5 min read
How a Securities Firm Built a 100‑Day DevSecOps Prototype
Efficient Ops
Efficient Ops
Dec 18, 2023 · Information Security

How China Postal Savings Bank Reached Advanced DevSecOps Standards

The article details China Postal Savings Bank's successful DevSecOps assessment, showcasing the bank's cultural, procedural, and technical implementations that boosted security, collaboration, and compliance, while sharing interview insights and future plans for broader DevSecOps adoption.

Case StudyDevOpsDevSecOps
0 likes · 15 min read
How China Postal Savings Bank Reached Advanced DevSecOps Standards
Efficient Ops
Efficient Ops
Dec 17, 2023 · Information Security

How China Postal Savings Bank Achieved Advanced DevSecOps Standards

China Postal Savings Bank’s software R&D center detailed how its Gold‑Metal Cloud Mall project passed the CAICT DevSecOps Level‑2 assessment, showcasing a comprehensive cultural, process and technical rollout that boosted security metrics, cross‑team collaboration, and positioned the bank at the forefront of digital transformation.

Case StudyDevSecOpsDigital Transformation
0 likes · 17 min read
How China Postal Savings Bank Achieved Advanced DevSecOps Standards
DevOps Cloud Academy
DevOps Cloud Academy
Nov 27, 2023 · Operations

Implementing a DevSecOps CI/CD Pipeline for Multi‑Language Applications with Jenkins

This article walks through building a comprehensive DevSecOps CI/CD pipeline in Jenkins that integrates source control, static analysis, vulnerability scanning, multi‑language builds, Docker image creation, Trivy security checks, Kubernetes deployment, and ZAP DAST testing to securely deliver applications across various runtimes.

CI/CDDevSecOpsDocker
0 likes · 18 min read
Implementing a DevSecOps CI/CD Pipeline for Multi‑Language Applications with Jenkins
Efficient Ops
Efficient Ops
Nov 7, 2023 · Information Security

How CICC Achieved Advanced DevSecOps Standards: A Deep Dive into Their Success

CICC’s two flagship projects passed the DevSecOps Level‑2 security and risk management assessments, showcasing how the firm integrated security into its DevOps pipeline, overcame cultural and technical challenges, and plans further enhancements to maintain a leading position in China’s financial sector.

CICCContinuous DeliveryDevOps assessment
0 likes · 16 min read
How CICC Achieved Advanced DevSecOps Standards: A Deep Dive into Their Success
Efficient Ops
Efficient Ops
Nov 1, 2023 · Information Security

How CICC Reached Advanced DevSecOps Standards: Inside Their Security Success

The article details CICC's successful completion of multiple DevSecOps assessments, shares interview insights from senior IT leaders on cultural, process, and technical implementations, and provides an overview of the DevOps capability maturity model and industry participation statistics, illustrating how standardized DevOps practices boost security and efficiency.

Case StudyContinuous DeliveryDevOps
0 likes · 16 min read
How CICC Reached Advanced DevSecOps Standards: Inside Their Security Success
Efficient Ops
Efficient Ops
Oct 30, 2023 · Information Security

How Inner Mongolia Mobile Reached Advanced DevSecOps Standards in China

Inner Mongolia Mobile’s Unified 4A System passed the CAICT DevSecOps Level‑2 security assessment, showcasing how standardized DevOps practices, cultural shifts, process improvements, and automation tools can elevate an enterprise’s security maturity and drive digital transformation.

ChinaDevOpsDevSecOps
0 likes · 11 min read
How Inner Mongolia Mobile Reached Advanced DevSecOps Standards in China
Efficient Ops
Efficient Ops
Oct 27, 2023 · Information Security

How CICC’s iBanker Project Achieved Advanced DevSecOps Certification

At the 2023 GOPS Global Operations Conference, China International Capital Corporation (CICC) showcased its successful DevSecOps Level‑2 assessments for two major projects, revealing detailed cultural, process, and technical practices that elevated its security posture and set a benchmark for the industry.

AssessmentCICCDevOps
0 likes · 15 min read
How CICC’s iBanker Project Achieved Advanced DevSecOps Certification