Header image of rocket taking off

Snyk launches DevSecOps Hub

Many organizations are shifting to a DevSecOps culture for software delivery. The idea of a developer-centric software delivery model that broke down silos and removed barriers to deployment was born as DevOps in 2008. This efficient approach to software delivery has evolved and grown over the past decade. As organizations have figured out what DevOps means to them in terms of their own corporate cultures, integrating security practices has become increasingly difficult. To help organizations more quickly and decisively evolve a DevOps culture that effectively incorporates security, Snyk has launched our DevSecOps Hub.


Screenshot of Snyk.io showing location of DevSecOps Hub link
Find the DevSecOps Hub under the resources menu on snyk.io

Starting with the basics, the DevSecOps Hub sets clear expectations of what DevSecOps truly means, the benefits it can bring to an organization, and the challenges that are often experienced. It presents these concepts using a familiar People, Process, and Technology approach in order to avoid the tool-centric focus that sometimes takes over the DevSecOps discussion. While automation of the pipeline is important, the hub keeps perspective in terms of how to address the processes and teams that have to be in place to support an effective pipeline.

Technology

While the DevSecOps Hub seeks to balance the focus between the three pillars of any culture, tooling is indeed one of those important pillars. In the hub, we discuss best practices that organizations need to consider when launching or seeking to improve their DevSecOps culture. We focus on key capabilities that should be a part of any pipeline and how organizations can adapt standard approaches to better fit their own unique structure.

As part of this focus, the Hub presents technology spotlights. Each of these takes a look at a specific tool or technology that can help support the DevSecOps pipeline. We also offer a list of best practices for those tools in order to provide tactical guidance for implementing those technologies. These provide clear and concise steps for integrating these specific capabilities into your overall program.

Process

No enterprise culture shift can happen without clear processes that are centered around supporting the desired outcomes. With that in mind, the Hub presents a clear approach to implement the key supporting frameworks that will ensure successful evolution to the strong DevSecOps culture. Establishing shared responsibility and accountability are key themes that are discussed throughout this section. 

As the Hub evolves, we’ll continue to draw in ideas and lessons learned from across various industries and communities. The Hub will provide readers with a better understanding of how reducing the friction of core processes builds the necessary bridges between people and technology. You’ll see how crucial these practices are in promoting the adoption of both tools and initiatives across your organization.

People

The DevSecOps Hub draws on the experience not only of the experts at Snyk but from across the DevSecOps community. Participants on The Secure Developer Podcast share stories with our founder, Guy Podjarny, about their successes and lessons learned in launching or growing their DevSecOps approach. To bring this valuable information to you through the DevSecOps Hub, we have included our Share the journey section.

In each entry of Share the journey, we look deeper into unique approaches or ideas that other organizations have used to build their DevSecOps culture. These—almost mini case studies— help inspire new approaches or give valuable examples from the experiences of others. You’ll even read about lessons learned through the process that can help you avoid common pitfalls.

Dynamic content

Content on the DevSecOps Hub will continue to be very dynamic. New technology spotlights and Share the journey stories are being added on a regular basis. As the experience of DevSecOps continues to evolve across our communities, so too will the tactical approaches presented on the DevSecOps Hub. At the same time, core strategies from our years of experience in supporting DevSecOps delivery will remain a constant you can count on and refer to, as you embark or continue on your own DevSecOps journey. Be sure to bookmark the DevSecOps Hub and make it the guide you can refer to again and again!