DevSecOps in a Bottle—The Care and Feeding of Pocket Pipelines
DevSecOps techniques give us rapid feedback and the ability to incorporate new information on an ongoing basis. However, challenges arise when the development pipeline must be established without connection to external networks. There are excellent reasons for isolating a pipeline this way, including reducing security risks to systems and proprietary data, but a little more consideration is required to provide our teams on pocket networks with the same benefits of an end-to-end DevSecOps pipeline implementation for our container application. We will draw on our practical experience during a project where we containerized a legacy software application. During this project, we walked through design concerns such as automatability, sustainability, container security vulnerabilities and their mitigation, and the deployment and testing of containers in an isolated environment. We will discuss the pitfalls and triumphs of DevSecOps in these environments, as well as the importance of maintaining a DevSecOps mindset regardless of the available tools.