DevSecOps is an application security (AppSec) practice that introduces security early in the software development life cycle (SDLC). By integrating security teams into the software delivery cycle, DevSecOps expands the collaboration between development and operations teams. This makes security a shared responsibility and requires a change in culture, process, and tools across these core functional groups. Everyone involved in the SDLC has a role to play in building security into the DevOps continuous integration and continuous delivery (CI/CD) workflow.

Incorporating security continuously across the SDLC helps DevOps teams deliver secure applications with speed and quality. The earlier security can be included in the workflow, the sooner security weaknesses and vulnerabilities can be identified and remedied. This concept is sometimes called “shifting left” because it moves security testing toward developers, enabling them to fix security issues in their code as they develop, rather than waiting until the end of the cycle, when security testing was traditionally done. In contrast to that end-of-cycle approach, DevSecOps spans the entire SDLC, from planning and design to coding, building, testing, and release, with real-time continuous feedback loops and insights.