
DevSecOps and Shift-Left Security

DevSecOps: shifting security left, SAST/DAST/SCA automation, supply chain security, container scanning, secrets management and security-as-code in the CI/CD pipeline.

10 articles, 135 min total reading time, Advanced level
Tags: DevSecOps, shift-left, SAST, DAST, supply chain security

Articles in the series. The articles in this series are as follows:

  1. 01 - Introduction to DevSecOps - Shift-Left and Security in the Development Lifecycle

     What DevSecOps is vs. SecOps, the 5 shift-left pillars, statistics (70% of vulnerabilities discovered too late), tool landscape overview, maturity models.

  2. 02 - SAST - Static Code Analysis and Vulnerability Detection

     SAST vs. DAST vs. interactive testing (IAST), tool comparison (SonarQube, Checkmarx, Semgrep), CI/CD integration, rule customization, false positive management, OWASP Top 10 detection.

  3. 03 - DAST - Dynamic Testing and Automated Penetration Testing

     DAST tools (Burp Suite, OWASP ZAP), API testing, runtime vulnerabilities, CI/CD pipeline integration, scan scheduling, result triage, SAST vs. DAST comparison.

  4. 04 - SCA - Software Composition Analysis and Dependency Vulnerabilities

     SCA tools (Snyk, Black Duck, Dependabot), vulnerability databases (NVD, CVE), transitive dependency analysis, license management, update strategies, compliance tracking.

  5. 05 - Container Security - Image Scanning and Runtime Protection

     Container image vulnerabilities, scanning (Trivy, Clair), image signing, registry security, runtime monitoring (Falco), network policies, secrets in containers.

  6. 06 - Supply Chain Security - SBOM and Sigstore for Artifact Integrity

     Software Bill of Materials (SBOM) standards (SPDX, CycloneDX), Sigstore for artifact signing and verification, provenance, CIA compliance, the SolarWinds lesson.

  7. 07 - Secret Management - Automating and Rotating Credentials

     HashiCorp Vault, sealed-secrets, AWS Secrets Manager, credential rotation, zero-trust secrets, audit logging, anti-patterns (hardcoded secrets).

  8. 08 - Policy as Code - Enforcing Security Policies at Deployment

     OPA/Rego, Kyverno (Kubernetes), Sentinel (Terraform), policy examples (image registries, resource limits), testing policies, organizational rollout.

  9. 09 - CI/CD Security Pipeline - Securing the Build and Deploy Process

     GitHub Actions/GitLab CI security, branch protection, code review enforcement, SBOM generation in CI, artifact signing, deployment approval workflows, audit logs.

  10. 10 - Infrastructure as Code Scanning - IaC Security and Terraform Policy

      Terraform scanning (Checkov, tfsec), CloudFormation/ARM security, misconfiguration detection, policy enforcement, secrets in IaC, best practices.
