{"id":74248,"date":"2020-01-07T11:56:28","date_gmt":"2020-01-07T11:56:28","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=74248"},"modified":"2020-08-31T17:26:54","modified_gmt":"2020-08-31T17:26:54","slug":"vulnerability-management-for-devops","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/vulnerability-management-for-devops\/","title":{"rendered":"DevOps Automation for the Secure Cloud: Vulnerability Management"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The fast pace of the technology industry is driving software development companies to find new work models. Developers need to increase the delivery speed and agility of their workflow. Adopting <\/span><a href=\"https:\/\/resources.whitesourcesoftware.com\/blog-whitesource\/devops-pipeline\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">DevOps pipelines<\/span><\/a><span style=\"font-weight: 400;\"> enables organizations to overcome this challenge.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">DevOps is a software development approach that focuses on collaboration between development and operations teams. The goal of DevOps is to streamline processes and deploy products faster.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Managing security risks in a DevOps environment can be challenging. Factors such as configuration changes make this task especially difficult. Compliance requirements and code vulnerabilities also make a DevOps environment vulnerable.\u00a0<\/span><\/p>\n<blockquote><p>Preparing to become a certified DevOps professional? Check our\u00a0<a href=\"https:\/\/www.whizlabs.com\/devops-certifications\/\" target=\"_blank\" rel=\"noopener noreferrer follow\" data-wpel-link=\"internal\">DevOps Certifications Training Courses<\/a>\u00a0now!<\/p><\/blockquote>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The solution to this issue lies in integrating security practices and testing to the DevOps pipeline. This new approach is called DevSecOps, and it requires automating the testing for vulnerabilities. Read on to learn more about vulnerability management for DevOps.\u00a0<\/span><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ea7e02;color:#ea7e02\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ea7e02;color:#ea7e02\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.whizlabs.com\/blog\/vulnerability-management-for-devops\/#DevOps_and_DevSecops_An_Overview\" >DevOps and DevSecops: An Overview<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.whizlabs.com\/blog\/vulnerability-management-for-devops\/#What_Is_Vulnerability_Management\" >What Is Vulnerability Management?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.whizlabs.com\/blog\/vulnerability-management-for-devops\/#Adding_Vulnerability_Monitoring_to_the_DevOps_Pipeline\" >Adding Vulnerability Monitoring to the DevOps Pipeline<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.whizlabs.com\/blog\/vulnerability-management-for-devops\/#Vulnerability_Management_for_DevSecOps\" >Vulnerability Management for DevSecOps<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.whizlabs.com\/blog\/vulnerability-management-for-devops\/#Automated_Vulnerability_Management\" >Automated Vulnerability Management<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"DevOps_and_DevSecops_An_Overview\"><\/span><span style=\"font-weight: 400;\">DevOps and DevSecops: An Overview<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">DevOps is a software development model that aims to improve the communication and collaboration between the development and operations of business units by applying agile methodology practices. The key feature of a DevOps culture is to deploy software into production quickly, fixing flaws and mistakes on-the-go.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">At the core of the DevOps approach lie two methods: Continuous Integration and Continuous Delivery (CI\/CD). Continuous integration means developers commit code to a central repository at given times, testing the code as they build it. This prevents integration issues. Continuous delivery gets all changes into production safely and quickly.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The goal of CI\/CD is to streamline deployments into activities that can be performed on demand. To achieve this, the DevOps process includes automation, which ensures the code is ready for deployment.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Security was not included in the original DevOps approach. The clash between traditional security models with the new agile methodology produced challenges, such as stalled processes. These challenges were addressed by integrating security practices and protocols into the DevOps approach, creating the DevSecOps model.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The DevSecOps model enables developers to practice a test-driven development approach, ensuring that the code is functional before advancing to the next stage. A DevSecOps environment tests for security across the pipeline, avoiding the bottleneck effect of previous security models.\u00a0<\/span><\/p>\n<figure id=\"attachment_74249\" aria-describedby=\"caption-attachment-74249\" style=\"width: 752px\" class=\"wp-caption alignnone\"><img decoding=\"async\" class=\"wp-image-74249 size-full\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/Devops.png\" alt=\"Devops vs DevSecOps\" width=\"752\" height=\"442\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/Devops.png 752w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/Devops-300x176.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/Devops-715x420.png 715w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/Devops-640x376.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/Devops-681x400.png 681w\" sizes=\"(max-width: 752px) 100vw, 752px\" \/><figcaption id=\"caption-attachment-74249\" class=\"wp-caption-text\">Image Source: https:\/\/commons.wikimedia.org\/wiki\/File:DevOps_vs_DevSecOps_Mginise.jpg<\/figcaption><\/figure>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">DevSecOps integrates security practices into the DevOps process by creating a culture of Security as Code. Security as Code policies integrate security protocols and testing into DevOps practices and tools, making them an integral part of the workflow. You can achieve a Security as Code culture by documenting how your team introduces changes into the code. The team can then use this mapping to place the security checks and tests on the pipeline.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">DevSecOps integrates two seemingly opposite goals into a single process\u2014delivering code fast and producing secure code. Security teams can no longer be blamed for slowing down the delivery cycle, because security was shifted left and integrated seamlessly into the workflow. Now, when the team finds a security flaw, it can be handled immediately to prevent incidents.\u00a0<\/span><\/p>\n<blockquote><p>Must Read:\u00a0<a href=\"https:\/\/www.whizlabs.com\/blog\/automation-testing-tools\/\" target=\"_blank\" rel=\"noopener noreferrer\">Top 10 Automation Testing Tools<\/a><\/p><\/blockquote>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"What_Is_Vulnerability_Management\"><\/span><span style=\"font-weight: 400;\">What Is Vulnerability Management?<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The term vulnerability management refers to a set of security practices designed to prevent and mitigate the exploitation of the vulnerabilities of a system. Vulnerability management involves several steps, including detection, remediation, and mitigation.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Organizations use specialized software to scan for vulnerabilities in their systems and applications. The system identifies vulnerabilities that can be exploited by an attacker, such as insecure configurations and code flaws. Cloud environments require vulnerability scanning that provides visibility in real-time. These tools can detect vulnerability status, and detect unapproved changes.\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Adding_Vulnerability_Monitoring_to_the_DevOps_Pipeline\"><\/span><span style=\"font-weight: 400;\">Adding Vulnerability Monitoring to the DevOps Pipeline<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Continuous monitoring is a key concept of the DevSecOps approach. A DevSecOps team uses automation tools that monitor a number of categories on a development lifecycle. For example, the team can test if an application is meeting development milestones, such as functions planning or UI\/UX design.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">If you prefer the DevOps model, you can still improve your security posture through the use of automated vulnerability monitoring. Often, these systems don\u2019t require much effort on your part and provide quick and fast implementation. The goal is to enable you to check for vulnerabilities in your application without interrupting the flow of delivery. These systems to that by looking for two main types of vulnerabilities:<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\"><b>Known vulnerabilities<\/b><span style=\"font-weight: 400;\">\u2014these vulnerabilities are public knowledge. Some organizations such as the <\/span><a href=\"https:\/\/nvd.nist.gov\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">National Vulnerability Database (NVD)<\/span><\/a><span style=\"font-weight: 400;\">, maintain an updated list helping organizations to keep track of their appearance in their products.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Top-level code vulnerabilities<\/b><span style=\"font-weight: 400;\">\u2014such as SQL injections, these vulnerabilities usually appear as a result of insecure coding practices. These vulnerabilities are considered critical because they enable attackers to take control of the applications and servers.\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">You should monitor your application for configuration changes. This will enable you to have a baseline of what your application development should look like. However, achieving a status of continuous monitoring requires the automation of vulnerability scans that historically have run only on a set schedule. Automation prevents human errors and time gaps between scans, effectively monitoring the development process.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Applying continuous monitoring practices for vulnerability scanning can enhance your vulnerability management program, keeping your pipeline constantly under surveillance. It will help you detect vulnerabilities earlier, and determine the effectiveness of your remediation practices.\u00a0<\/span><\/p>\n<blockquote><p>Kubernetes certifications are among the top 5 DevOps certifications. Read our previous blog to know about <a href=\"https:\/\/www.whizlabs.com\/blog\/best-devops-certifications\/\" target=\"_blank\" rel=\"noopener noreferrer follow\" data-wpel-link=\"internal\">Top DevOps Certifications<\/a>.<\/p><\/blockquote>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Vulnerability_Management_for_DevSecOps\"><\/span><span style=\"font-weight: 400;\">Vulnerability Management for DevSecOps<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">For security purposes, it is important to integrate vulnerability management before the application goes into production. A DevSecOps model involves testing for vulnerabilities across the development and integration pipeline and again once the software is sent to production. This helps security teams patch flaws on time and prevent exploits.\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Security teams need to detect and manage vulnerabilities in a number of categories across the development process. They should search for vulnerabilities that may be present in code, containers and in the cloud. The following explains why it is critical to verify vulnerabilities present in these three categories:\u00a0\u00a0<\/span><\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\"><b>Vulnerability management in code<\/b><span style=\"font-weight: 400;\">\u2014code scans analyze the code to detect specific vulnerabilities early in the software development lifecycle (SDLC). Developers can use vulnerability scans to ensure the code they are writing is secure before committing it.\u00a0\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Vulnerability management in containers<\/b><span style=\"font-weight: 400;\">\u2014containers require scanning before deployment. You should ensure that container vulnerabilities assessment is part of your automated toolchain.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Vulnerability management in the cloud<\/b><span style=\"font-weight: 400;\">\u2014cloud services usually have strong security policies in place that ensure they provide secure hosting. Organizations should monitor the cloud platform policy configurations continuously to prevent policy violations such as credential misuse or theft.\u00a0<\/span><\/li>\n<\/ul>\n<h3 style=\"text-align: justify;\"><span class=\"ez-toc-section\" id=\"Automated_Vulnerability_Management\"><\/span><span style=\"font-weight: 400;\">Automated Vulnerability Management<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">The key to automating vulnerability detection is introducing security at the source. This means scanning applications while they run in production to detect vulnerabilities in the source code. This type of security testing tool is called a Dynamic Application Security Testing <\/span><a href=\"https:\/\/www.techopedia.com\/definition\/30958\/dynamic-application-security-testing-dast\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">(DAST)<\/span><\/a><span style=\"font-weight: 400;\">. DAST can help you detect configuration flaws, as well as architectural weaknesses.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><b>Pros and cons of DAST tests:<\/b><\/p>\n<ul style=\"text-align: justify;\">\n<li style=\"font-weight: 400;\"><b>Pros<\/b><span style=\"font-weight: 400;\">\u2014the scanners simulate an attack by probing the application with the goal to identify a discrepancy from the result set. DAST tests can scan for vulnerabilities without depending on the language the application is written.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Cons<\/b><span style=\"font-weight: 400;\">\u2014since the tool performs dynamic testing, it doesn\u2019t cover the entirety of the application\u2019s source code. In addition, the tool performs the testing according to a predefined list of attacks, covering a limited number of variations for a particular vulnerability.\u00a0<\/span><\/li>\n<\/ul>\n<h4 style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Wrap Up<\/span><\/h4>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Testing the security of web applications is an essential part of cyber security. According to a report from 2019, the <\/span><a href=\"https:\/\/www.ptsecurity.com\/ww-en\/analytics\/web-application-vulnerabilities-statistics-2019\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">majority of application vulnerabilities<\/span><\/a><span style=\"font-weight: 400;\"> are in the source code. This finding is in line with DevSecOps practices, which place importance on introducing security scans early in the software development lifecycle.\u00a0<\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400;\">Automated monitoring can also benefit DevOps pipelines, without impacting the speed of delivery. With automated vulnerability testing, you can produce secure code from the start. When you combine dynamic application security testing with a continuous monitoring process, you can detect security vulnerabilities, and respond in time to avoid a breach. The result is an efficient and secure development process.<\/span><\/p>\n<p class=\"p2\" style=\"text-align: justify;\">If you are a DevOps professional and want to validate your skills, it\u2019s the right time to go for a DevOps certification. Check out our <a href=\"https:\/\/www.whizlabs.com\/devops-certifications\/\" target=\"_blank\" rel=\"noopener noreferrer follow\" data-wpel-link=\"internal\">DevOps certification training courses<\/a> and prepare yourself to become a certified DevOps professional.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The fast pace of the technology industry is driving software development companies to find new work models. Developers need to increase the delivery speed and agility of their workflow. Adopting DevOps pipelines enables organizations to overcome this challenge.\u00a0 DevOps is a software development approach that focuses on collaboration between development and operations teams. The goal of DevOps is to streamline processes and deploy products faster.\u00a0 Managing security risks in a DevOps environment can be challenging. Factors such as configuration changes make this task especially difficult. Compliance requirements and code vulnerabilities also make a DevOps environment vulnerable.\u00a0 Preparing to become a [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":74481,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1862],"tags":[617,2712,2973,2971,2972],"class_list":["post-74248","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops","tag-cloud-security","tag-devops","tag-devops-automation","tag-devops-vs-devsecops","tag-vulnerability-management"],"uagb_featured_image_src":{"full":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",600,315,false],"thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management-150x150.png",150,150,true],"medium":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management-300x158.png",300,158,true],"medium_large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",600,315,false],"large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",600,315,false],"1536x1536":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",600,315,false],"2048x2048":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",600,315,false],"profile_24":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",24,13,false],"profile_48":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",48,25,false],"profile_96":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",96,50,false],"profile_150":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",150,79,false],"profile_300":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",300,158,false],"tptn_thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management-250x250.png",250,250,true],"web-stories-poster-portrait":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",600,315,false],"web-stories-publisher-logo":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",96,50,false],"web-stories-thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2020\/01\/DevOps_Automation_for_the_Secure_Cloud_Vulnerability_Management.png",150,79,false]},"uagb_author_info":{"display_name":"Dharmalingam N","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/dharmalingam\/"},"uagb_comment_info":13,"uagb_excerpt":"The fast pace of the technology industry is driving software development companies to find new work models. Developers need to increase the delivery speed and agility of their workflow. Adopting DevOps pipelines enables organizations to overcome this challenge.\u00a0 DevOps is a software development approach that focuses on collaboration between development and operations teams. The goal&hellip;","_links":{"self":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/74248","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/comments?post=74248"}],"version-history":[{"count":2,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/74248\/revisions"}],"predecessor-version":[{"id":74253,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/74248\/revisions\/74253"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media\/74481"}],"wp:attachment":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media?parent=74248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/categories?post=74248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/tags?post=74248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}