1 views collected around this technical thread.
At the 21st GOPS Global Operations Conference in Shanghai, Shenwan Hongyuan Securities' application security lead Wang Biansi detailed a step‑by‑step 100‑day journey to create a DevSecOps sample room, covering goal setting, research, platform design, tool integration, and security training.
This article explains how ICBC's software development center integrated DevSecOps practices—embedding security awareness, automating toolchains, and using metric‑driven assessments—to reduce vulnerabilities, lower compliance risk, and support a cloud‑native, secure smart‑banking ecosystem.
The 2022 Cloud Native Security State Report reveals that while enterprises increased cloud usage by over 25% during the pandemic, many face security and compliance challenges, and highlights how strong security posture, DevSecOps integration, and automation dramatically reduce friction and boost operational efficiency.
This article details the evolution, architecture, and key technologies of Ant Group's anti‑intrusion platform, explaining how it handles trillion‑level data streams for intrusion detection, performs multi‑dimensional risk assessment and attribution, and enables rapid, automated security incident response across massive enterprise environments.
This article examines injection vulnerabilities in Java template engines Velocity, FreeMarker, and Thymeleaf, details payload extraction, demonstrates how to generate automated detection rules and security operation capabilities, and discusses future directions for comprehensive attack‑chain analysis.
In a detailed interview, XMirror Security founder Zi‑Ya discusses the origins of his team, the core elements of DevSecOps, the innovative code‑vaccine technology combining IAST and RASP, maturity stages of development security in China, and future trends in software‑supply‑chain security.
iQIYI’s SOAR platform, built on StackStorm and the Walkoff visual editor, integrates security components, scripts, chat‑ops bots, and a mini‑program to automate detection and response, cutting MTTR by roughly 75% across high‑frequency routine tasks and low‑frequency critical incidents while planning broader coverage and knowledge‑base expansion.
OPPO’s security team outlines its DevSecOps transformation, detailing how security and privacy activities are embedded across product lifecycles—from requirement reviews and automated CI/CD scans to comprehensive protection layers, cultural initiatives, external collaborations, and continuous improvement to meet global compliance challenges.
The article recaps the fourth Enterprise DevOps Empowerment conference, highlighting DevSecOps as the core theme, expert presentations from China Academy of Information and Communications Technology, Huatai Securities, and Tencent, and a detailed Q&A covering threat modeling, security automation, scanning practices, and operational integration.
This article explains how to embed static application security testing (SAST) into a DevSecOps CI/CD pipeline by defining five essential checkpoints—pre‑commit, commit‑time, build‑time, test‑time, and deployment—covering purpose, benefits, handling false positives, result merging, custom rule sets, and automation strategies.