Tagged articles

144 articles

Page 2 of 2

Dec 27, 2021 · Operations

How Zhongyuan Bank Achieved Advanced DevSecOps Maturity: A Success Story

Zhongyuan Bank’s personal mobile banking project passed the national DevSecOps security and risk management assessment, showcasing how standardized DevOps practices, a dedicated security platform, and cultural, procedural, and technical integration can elevate a financial institution’s development lifecycle to an advanced, industry‑leading level.

BankingDevOpsDevSecOps

0 likes · 13 min read

How Zhongyuan Bank Achieved Advanced DevSecOps Maturity: A Success Story

Efficient Ops

Dec 26, 2021 · Operations

How Zhengzhou Bank Achieved Advanced DevSecOps Maturity: Insights and Lessons

The article reports on Zhengzhou Bank's successful DevSecOps assessment at the 2021 GOLF+ IT New Governance Forum, detailing the bank's interview on implementation practices, cultural, process and technical measures, and the broader significance of the national DevOps maturity model for digital governance.

DevSecOpsDigital GovernanceMaturity Assessment

0 likes · 12 min read

How Zhengzhou Bank Achieved Advanced DevSecOps Maturity: Insights and Lessons

Cloud Native Technology Community

Dec 21, 2021 · Industry Insights

How the U.S. DoD’s DevSecOps Strategy Shapes Cloud‑Native Adoption

The article examines the U.S. Department of Defense’s DevSecOps initiative, outlining its cloud‑computing challenges, the shift to Kubernetes, Istio and Knative, the creation of a centralized container registry, and the broader lessons for large organizations seeking open‑source, vendor‑neutral cloud‑native transformations.

Cloud NativeDevSecOpsGovernment

0 likes · 8 min read

How the U.S. DoD’s DevSecOps Strategy Shapes Cloud‑Native Adoption

Alibaba Terminal Technology

Nov 24, 2021 · Mobile Development

Taobao’s Blueprint for Mobile Client Safety: From Development to Emergency

This article explains how Taobao builds a comprehensive client safety production system—covering development, build, release, and emergency stages—by leveraging Alibaba's mature technical solutions, automated platforms, and data‑driven processes to continuously improve code quality, user experience, and operational reliability.

DevSecOpsMobile Developmentclient safety

0 likes · 15 min read

Taobao’s Blueprint for Mobile Client Safety: From Development to Emergency

21CTO

Sep 9, 2021 · Information Security

Why the US Air Force’s Chief Security Officer Resigned: DevSecOps Hurdles Revealed

The US Air Force’s chief security officer, Nicolas Chaillan, stepped down, citing the daunting challenges of implementing DevSecOps and the Air Force’s failure to prioritize IT security, inconsistent policies, and outdated procurement practices that hinder large‑scale projects.

DevSecOpsMilitary ITUS Air Force

0 likes · 3 min read

Why the US Air Force’s Chief Security Officer Resigned: DevSecOps Hurdles Revealed

DevOps Cloud Academy

Sep 3, 2021 · Operations

2021 China DevOps Landscape Survey Report Highlights

The 2021 China DevOps Landscape Survey, conducted by the Cloud Computing Open Source Industry Alliance with 1,862 valid responses across multiple sectors, reveals that over half of Chinese enterprises have reached comprehensive DevOps maturity, agile development is widespread, DevSecOps adoption exceeds 50%, and IAST tools, especially Xmirror’s LingMai, dominate the security tooling market.

ChinaDevOpsDevSecOps

0 likes · 6 min read

2021 China DevOps Landscape Survey Report Highlights

Dada Group Technology

Jul 16, 2021 · Information Security

Application Security Testing Practices and Risk Assessment at JD Daojia

This article outlines JD Daojia's comprehensive application security strategy, including risk analysis, threat modeling, DevSecOps processes, open‑source component scanning, SAST/DAST/IAST testing, manual security assessments, and evaluation of testing effectiveness to mitigate vulnerabilities before production.

Application SecurityDevSecOpsThreat Modeling

0 likes · 13 min read

Application Security Testing Practices and Risk Assessment at JD Daojia

MaGe Linux Operations

Jul 8, 2021 · Information Security

How to Secure Every Layer of Your Container Stack: Best Practices

This article outlines comprehensive container security best practices across kernel, container image, runtime, pod, network, node, and cluster components, emphasizing how to harden each layer in Kubernetes environments to protect against attacks and maintain robust, scalable deployments.

Cloud NativeContainer SecurityDevSecOps

0 likes · 9 min read

How to Secure Every Layer of Your Container Stack: Best Practices

Efficient Ops

Jun 29, 2021 · Operations

What Drives Successful DevOps? Insights from Shanghai’s Best‑Practice Salon

The Shanghai DevOps Best‑Practice Salon gathered experts from banks and tech firms to share real‑world experiences on DevOps adoption, lean R&D efficiency, agile pipeline construction, and DevSecOps integration, offering actionable lessons for modern IT operations.

Continuous DeliveryDevOpsDevSecOps

0 likes · 4 min read

What Drives Successful DevOps? Insights from Shanghai’s Best‑Practice Salon

DevOps Cloud Academy

Jun 14, 2021 · Information Security

7 Best Practices for Microservice Security

This article explains how microservice architecture introduces new security challenges and presents seven best‑practice recommendations—including using an API gateway, strong defense layers, DevSecOps, trusted encryption libraries, service‑level security, multi‑factor authentication, and dependency verification—to help protect microservice‑based applications.

Dependency ScanningDevSecOpsMFA

0 likes · 6 min read

7 Best Practices for Microservice Security

DevOps

May 11, 2021 · Information Security

Understanding DevSecOps: Principles, Benefits, and CI/CD Implementation

This article explains what DevSecOps is, why integrating security into DevOps is essential in fast‑paced software delivery, outlines its key characteristics and benefits, and provides practical guidance on organizational, process, and tooling practices—including CI/CD pipelines and open‑source security tools.

AutomationCloud NativeDevSecOps

0 likes · 15 min read

Understanding DevSecOps: Principles, Benefits, and CI/CD Implementation

DevOps

May 7, 2021 · Information Security

Container Image Security: Challenges, Scanning in the SDLC, and Best Practices

This article examines the growing security concerns of container images, presents alarming vulnerability statistics, explains why image scanning should be placed before image push in the CI/CD pipeline, and outlines practical best‑practice recommendations such as using lightweight base images, non‑root users, secret management, minimal packages, Dockerfile linting, and avoiding unmaintained images.

Container SecurityDevSecOpsDocker

0 likes · 14 min read

Container Image Security: Challenges, Scanning in the SDLC, and Best Practices

Meituan Technology Team

Apr 8, 2021 · Information Security

Threat Modeling: Practices, Challenges, and Implementation Guide

Threat modeling is a systematic, cross‑functional practice that identifies design‑level security flaws early, prioritizes mitigations using methods like ASTRIDE, and integrates risk assessment into DevSecOps, despite tool scarcity and process integration challenges, to reduce costs, meet compliance, and improve overall security maturity.

DevSecOpsSecurity ArchitectureSoftware Security

0 likes · 31 min read

Threat Modeling: Practices, Challenges, and Implementation Guide

DevOps

Apr 8, 2021 · Cloud Native

Encrypting Kubernetes Secrets with Sealed Secrets, Helm Secrets, and Kamus

This article explains three practical methods—Sealed Secrets, Helm Secrets, and Kamus—for encrypting Kubernetes secrets, covering their principles, encryption and decryption processes, installation steps, and usage examples with full command‑line and manifest snippets to securely store sensitive data in GitOps workflows.

DevSecOpsKamusKubernetes

0 likes · 23 min read

Encrypting Kubernetes Secrets with Sealed Secrets, Helm Secrets, and Kamus

DevOps Cloud Academy

Apr 5, 2021 · Information Security

7 Best Practices for Microservice Security

Microservice architectures increase deployment flexibility but also expand the attack surface, so this article outlines seven essential security best practices—including using an API gateway, layered defenses, DevSecOps, trusted encryption libraries, service-level protection, multi-factor authentication, and dependency vulnerability scanning—to safeguard microservice-based applications.

Dependency ScanningDevSecOpsMFA

0 likes · 6 min read

DevOps

Mar 30, 2021 · Operations

2021 DevOps Trends and Future Predictions

The article reviews eight major DevOps trends expected in 2021—including infrastructure automation, application release orchestration, evolving toolchains, DevSecOps, APM, cloud‑management platforms, AgileOps, and chaos engineering—while also offering the author’s own forecasts for how DevOps, CI/CD, cloud‑native, AI, and people‑centric practices will shape the industry in the coming years.

2021 TrendsCloud NativeDevOps

0 likes · 17 min read

2021 DevOps Trends and Future Predictions

Cloud Native Technology Community

Mar 25, 2021 · Operations

What Are the Top DevOps Trends Shaping 2021 and Beyond?

This article analyzes the most influential DevOps trends for 2021, including the rise of DevSecOps, AI‑driven AIOps, infrastructure automation, chaos engineering, serverless adoption, hybrid cloud, GitOps, and edge computing, backed by market forecasts and expert predictions.

CloudNativeDevOpsDevSecOps

0 likes · 10 min read

What Are the Top DevOps Trends Shaping 2021 and Beyond?

DevOps Cloud Academy

Mar 16, 2021 · Information Security

Best Practices for Implementing DevSecOps: Security Model, Governance, Automation, and Training

The article outlines six key DevSecOps best practices—including establishing a security model, enforcing governance policies, automating security tasks, training developers, applying network segmentation, and limiting administrative privileges—to help organizations overcome staffing and collaboration challenges while maintaining consistent security throughout the development and operations lifecycle.

AutomationDevSecOpsOperations

0 likes · 4 min read

Best Practices for Implementing DevSecOps: Security Model, Governance, Automation, and Training

DevOps Cloud Academy

Mar 13, 2021 · Operations

2021 DevOps Trends and Predictions: Microservices, DevSecOps, IA, AIOps, AgileOps, AI/ML, Kubernetes, and Cloud Management

The article outlines eight major 2021 DevOps trends—including the rise of microservices, increased DevSecOps adoption, infrastructure automation, predictive analytics in AIOps, AgileOps, AI/ML‑driven pipelines, Kubernetes integration, and cloud management platforms—highlighting their benefits and future impact on software delivery.

Cloud ManagementDevOpsDevSecOps

0 likes · 7 min read

2021 DevOps Trends and Predictions: Microservices, DevSecOps, IA, AIOps, AgileOps, AI/ML, Kubernetes, and Cloud Management

Efficient Ops

Jan 4, 2021 · Information Security

How DevSecOps Is Transforming Secure Software Delivery – 2020 Report Insights

The 2020 DevSecOps Industry Insight Report, released by XuanJing Security and Freebuf Consulting, examines the rapid adoption of DevSecOps in China, highlights survey results from over a thousand IT professionals, outlines a security tool pyramid, and forecasts emerging trends and best practices for agile security.

Agile DevelopmentDevSecOpsIndustry Report

0 likes · 6 min read

How DevSecOps Is Transforming Secure Software Delivery – 2020 Report Insights

DevOps Cloud Academy

Dec 29, 2020 · Information Security

Understanding DevSecOps: Integrating Security into DevOps Practices

The article explains how DevSecOps extends DevOps by embedding security controls throughout the software lifecycle, outlines its key components, adoption steps, essential tools, implementation capabilities, and the business benefits of merging security with development and operations.

AutomationDevOpsDevSecOps

0 likes · 8 min read

Understanding DevSecOps: Integrating Security into DevOps Practices

Efficient Ops

Dec 23, 2020 · Information Security

How Huatai Securities Achieved Advanced DevSecOps Maturity in Its Data Science Platform

Huatai Securities' data science development platform passed the DevSecOps security and risk management assessment at level 2, showcasing advanced domestic security practices, and the interview reveals the cultural, procedural, and technical steps that enabled this achievement and future improvement plans.

Data Science PlatformDevOpsDevSecOps

0 likes · 13 min read

How Huatai Securities Achieved Advanced DevSecOps Maturity in Its Data Science Platform

Efficient Ops

Dec 23, 2020 · Information Security

How Ping An Bank Achieved National‑Level DevSecOps Maturity with the Starlink Platform

The 2020 GOLF+ IT New Governance Leadership Forum in Beijing showcased Ping An Bank's Smart Due Diligence System passing the first DevSecOps security and risk management assessment, highlighting the role of the Starlink platform in integrating DevOps practices, enhancing security, and driving industry‑wide IT governance improvements.

DevOpsDevSecOpsIT Governance

0 likes · 11 min read

How Ping An Bank Achieved National‑Level DevSecOps Maturity with the Starlink Platform

Efficient Ops

Dec 23, 2020 · Information Security

How ICBC’s Mobile Banking Achieved DevSecOps Maturity: A Deep Dive

The article details how Industrial and Commercial Bank of China’s mobile banking project passed the DevSecOps security and risk‑management assessment, outlining the standards, implementation steps, challenges faced, and the benefits gained for both the organization and the broader financial industry.

Case StudyDevOpsDevSecOps

0 likes · 11 min read

How ICBC’s Mobile Banking Achieved DevSecOps Maturity: A Deep Dive

DevOps Cloud Academy

Dec 14, 2020 · Information Security

Why Adopt DevSecOps? Integrating Security into CI/CD Pipelines

The article explains how DevSecOps embeds security controls into CI/CD pipelines, enabling continuous delivery while addressing vulnerabilities, fostering collaboration between development and security teams, and ultimately improving software quality, market reputation, and consumer trust.

AutomationDevSecOpsci/cd

0 likes · 4 min read

Why Adopt DevSecOps? Integrating Security into CI/CD Pipelines

Cloud Native Technology Community

Dec 1, 2020 · Information Security

Cloud Native Security Whitepaper – A Comprehensive Guide to Securing Cloud‑Native Development, Deployment, and Operations

This whitepaper provides a detailed, end‑to‑end framework for organizations and technical leaders to understand, implement, and continuously improve security across the cloud‑native lifecycle—covering development, release, deployment, runtime, supply‑chain protection, zero‑trust architecture, and compliance—while emphasizing automation, observability, and cross‑functional collaboration.

ContainerDevSecOpsSecurity

0 likes · 58 min read

Cloud Native Security Whitepaper – A Comprehensive Guide to Securing Cloud‑Native Development, Deployment, and Operations

DevOps Cloud Academy

Oct 27, 2020 · Information Security

Implementing Multi‑Layered DevSecOps: Balancing Strong Security with Rapid, Frequent Deployments

The article explains how to structure DevSecOps into multiple security layers—from fast inline scans at code commit to continuous post‑deployment monitoring—so that organizations can maintain strong protection while still delivering changes daily or even hourly.

DevSecOpsSoftware Securityci/cd

0 likes · 11 min read

Implementing Multi‑Layered DevSecOps: Balancing Strong Security with Rapid, Frequent Deployments

Programmer DD

Oct 10, 2020 · Information Security

Cisco & Veeam’s Cloud‑Native Security Moves: Inside Portshift and Kasten Acquisitions

Cisco and Veeam are bolstering their product portfolios with cloud‑native security acquisitions—Cisco buying Portshift and Veeam acquiring Kasten—to integrate DevSecOps capabilities, support Kubernetes security, and offer unified cloud data management, though financial details remain undisclosed.

DevSecOpsEnterpriseacquisitions

0 likes · 4 min read

Cisco & Veeam’s Cloud‑Native Security Moves: Inside Portshift and Kasten Acquisitions

DevOps Cloud Academy

Sep 25, 2020 · Operations

Understanding DevOps, SecOps, and DevSecOps: Definitions, Benefits, and Choosing the Right Approach

This guide explains the concepts of DevOps, SecOps, and DevSecOps, outlines their respective benefits, and helps organizations decide which security‑focused operational model best fits their needs by comparing their focus on integration, automation, and collaboration across development, operations, and security teams.

AutomationCollaborationDevOps

0 likes · 6 min read

DevOps

Sep 7, 2020 · Information Security

OPPO’s DevSecOps Practice: Embedding Security and Privacy Across the Development Lifecycle

OPPO’s security team outlines its DevSecOps transformation, detailing how security and privacy activities are embedded across product lifecycles—from requirement reviews and automated CI/CD scans to comprehensive protection layers, cultural initiatives, external collaborations, and continuous improvement to meet global compliance challenges.

DevSecOpsOPPOci/cd

0 likes · 12 min read

OPPO’s DevSecOps Practice: Embedding Security and Privacy Across the Development Lifecycle

Programmer DD

Aug 5, 2020 · Information Security

Massive Source Code Leak Exposes Hundreds of Companies – What Went Wrong?

Recent misconfigurations in DevOps tools led to a massive leak of source code from dozens of major tech, finance, and manufacturing firms—including Microsoft, Adobe, Nintendo, and Lenovo—prompting security experts to warn of hard‑coded credentials, legal risks, and the urgent need for robust DevSecOps practices.

DevOps SecurityDevSecOpsGitLab

0 likes · 5 min read

Massive Source Code Leak Exposes Hundreds of Companies – What Went Wrong?

Architects Research Society

Jul 28, 2020 · Information Security

11 Practical Tips for Delivering Security as Code in DevOps

This article explains what "security as code" means, why shifting security left in the software development lifecycle matters, and provides eleven actionable tips—including understanding Secure SDLC, using SAMM, integrating SAST/DAST, and automating security checks—to help teams embed security directly into their DevOps pipelines.

AutomationDASTDevSecOps

0 likes · 10 min read

11 Practical Tips for Delivering Security as Code in DevOps

Efficient Ops

Jul 16, 2020 · Information Security

When Revenge Triggers IT Disasters: Lessons on Employee Dissatisfaction and Security

The article examines how personal grievances have led to tragic events—from a bus driver’s fatal crash to destructive IT incidents—highlighting the need for psychological care, robust security policies, and a DevSecOps mindset to prevent such revenge‑driven catastrophes.

DevSecOpsIT Governanceemployee wellbeing

0 likes · 5 min read

When Revenge Triggers IT Disasters: Lessons on Employee Dissatisfaction and Security

Ctrip Technology

Jul 9, 2020 · Information Security

Ctrip's DevSecOps Practices and Challenges

The article details Ctrip's DevSecOps challenges and solutions, covering security team structuring, threat modeling, SCA and SAST integration, IAST/DAST architecture, vulnerability management, and the resulting improvements in automated security testing within a high‑frequency CI/CD environment.

DevSecOpsIASTSAST

0 likes · 12 min read

Ctrip's DevSecOps Practices and Challenges

Tencent Cloud Developer

Jun 5, 2020 · Information Security

DevSecOps and Secure Development Lifecycle (SDL): Concepts, Practices, and Implementation

The article explains how DevSecOps extends the Secure Development Lifecycle by embedding security early and throughout CI/CD pipelines, combining threat‑based and vulnerability‑based defenses, automated testing tools such as SAST, DAST, IAST, and SCA, and fostering a collaborative culture of shared responsibility, illustrated by Tencent Cloud’s comprehensive “Golden Pipeline” implementation.

DevSecOpsSDLSecure Development Lifecycle

0 likes · 14 min read

DevSecOps and Secure Development Lifecycle (SDL): Concepts, Practices, and Implementation

DevOps Cloud Academy

May 21, 2020 · Operations

GitLab 4th Annual Global DevSecOps Survey Shows Developers Gaining More Control Over Infrastructure and Security

The GitLab 2023 DevSecOps survey of 3,700 software professionals reveals that developers are increasingly responsible for configuring environments, managing infrastructure, and handling security, while organizations report higher deployment frequencies, broader CI/CD tool adoption, and persistent testing and vulnerability‑prioritization challenges.

DevSecOpsDeveloper OperationsGitLab Survey

0 likes · 5 min read

GitLab 4th Annual Global DevSecOps Survey Shows Developers Gaining More Control Over Infrastructure and Security

DevOps

Apr 21, 2020 · Information Security

Integrating SAST Tools into a DevSecOps Pipeline: Five Key Checkpoints and Best Practices

This article explains how to embed static application security testing (SAST) into a DevSecOps CI/CD pipeline by defining five essential checkpoints—pre‑commit, commit‑time, build‑time, test‑time, and deployment—covering purpose, benefits, handling false positives, result merging, custom rule sets, and automation strategies.

DevSecOpsSASTci/cd

0 likes · 20 min read

Integrating SAST Tools into a DevSecOps Pipeline: Five Key Checkpoints and Best Practices

Programmer DD

Feb 20, 2020 · Operations

Top 5 DevOps Trends Shaping 2020: AI, Golang, Serverless & More

The article outlines five major DevOps trends for 2020—including AI‑driven automation, the rising popularity of Golang, the shift toward Serverless and cloud‑native architectures, and the growing emphasis on DevSecOps—highlighting how these developments will transform software delivery and IT operations worldwide.

AIDevSecOpsGolang

0 likes · 5 min read

Top 5 DevOps Trends Shaping 2020: AI, Golang, Serverless & More

DevOps Cloud Academy

Jan 12, 2020 · Information Security

Enabling Security in CI/CD Pipelines with DevSecOps: Concepts, Tools, and Practices

This article explains how DevSecOps integrates security into CI/CD pipelines, discusses the shortcomings of traditional waterfall security, outlines benefits of DevOps, and provides practical tool recommendations and a step‑by‑step example using open‑source solutions like Jenkins and git‑secrets.

AutomationDevOpsDevSecOps

0 likes · 12 min read

Enabling Security in CI/CD Pipelines with DevSecOps: Concepts, Tools, and Practices

dbaplus Community

Oct 19, 2019 · Information Security

Mastering Enterprise Code Auditing: Strategies, Tools, and Best Practices

This comprehensive guide explains why code auditing is essential for modern enterprises, compares enterprise and white‑hat audits, outlines a seven‑step methodology, and reviews both open‑source and commercial SAST tools with practical case studies across PHP, Node.js, Python, and Go.

DevSecOpsDynamic analysisSAST

0 likes · 24 min read

Mastering Enterprise Code Auditing: Strategies, Tools, and Best Practices

Efficient Ops

Jul 18, 2019 · Information Security

How DevOps Can Tackle the Growing Wave of Cloud Security Challenges

The article summarizes Chen Weijia’s DevOps International Summit talk on confronting expanding cloud security threats, covering DevSecOps practices, code scanning tools, encryption strategies, permission segmentation, and unified identity management to balance efficiency and security in modern software delivery.

DevSecOpsIAMci/cd

0 likes · 13 min read

DevOps

Nov 5, 2018 · Information Security

Integrating Security into DevOps: Key Practices from the DevOps Handbook

This article summarizes essential DevSecOps concepts from the DevOps Handbook, explaining how to embed security throughout the software lifecycle—from making security a shared responsibility to integrating automated checks in development, testing, deployment pipelines, and change management—while highlighting real‑world examples and practical recommendations.

AutomationDevOpsDevSecOps

0 likes · 35 min read

Integrating Security into DevOps: Key Practices from the DevOps Handbook

vivo Internet Technology

Jun 5, 2018 · Operations

DevOps International Summit 2024: Latest Practices and Technologies

The DevOps International Summit 2024 in Beijing, the sole China‑based global DevOps conference, brings together over 80 leading experts to showcase end‑to‑end practices—from Lean‑Agile, Continuous Delivery, SRE, and microservices to DevSecOps, AI‑driven tooling, and the new Research and Operations Integration Capability Maturity Model—through industry‑focused tracks, hands‑on training, and real‑world case studies across finance, telecom, retail and more.

Continuous DeliveryDevOpsDevOps Summit

0 likes · 3 min read

DevOps International Summit 2024: Latest Practices and Technologies

Efficient Ops

Dec 5, 2015 · Information Security

Cultivating Secure Development Talent, Effective Security Visualization, and the Role of Machine Learning

This article shares insights from a security‑focused discussion on nurturing security‑oriented developers, balancing leadership and analyst needs in security visualization, and evaluating whether machine‑learning techniques truly add value to internal security data processing.

DevSecOpsinformation securitymachine learning

0 likes · 7 min read

Cultivating Secure Development Talent, Effective Security Visualization, and the Role of Machine Learning