You probably already know what DevOps is if you work in the software industry.
It is no surprise that most large firms are building its methods into their workflows, given how popular they are becoming with developers.
A few months or years ago, large software companies would release new programs on a regular schedule.
There was enough time for code to pass security and quality assurance checks; these processes were carried out by independent specialist teams.
With the increased use of public clouds, many workflows have been automated with new tools and technologies, which lets businesses develop faster and stay one step ahead of the competition.
Monolithic systems began to break up into smaller, independent components after the introduction of containers and the microservice concept.
This increased the flexibility of how software was built and deployed.
However, most security and compliance monitoring processes did not keep up with this development.
As a result, most of them could not test code as quickly as a typical DevOps environment required.
SecDevOps was introduced to address this problem and to fully integrate security testing into continuous integration (CI) and continuous delivery (CD) pipelines, while improving the development team's knowledge and skills so that in-house testing and patching become easier.
You will learn more about SecDevOps in this piece, including its importance, how it works, best practices, and much more.
So, what is SecDevOps?
DevOps is fast, robust, and automated, and it brings plenty of benefits of its own.
However, security integration has been held back, because rapid deployment means fewer windows of time in which to identify and deal with security flaws.
If security is not included in the build and release process while you develop apps for rapid deployment (the DevOps way), you can leave them open to critical security flaws.
This is where SecDevOps (also known as DevSecOps or DevOpsSec) comes into play. As the name suggests, this approach builds security into the development and deployment processes.
SecDevOps is a collection of best practices designed to integrate secure coding deeply into DevOps development and deployment processes.
It is often called rugged DevOps.
It encourages developers to consider security standards and concepts thoroughly as they build their apps. To keep pace with the rapid release methods of DevOps, security processes and checks are included early in the lifecycle.
SecDevOps is divided into two main components:
Security as Code (SaC)
Here, the tools and processes of the DevOps pipeline must include security.
It follows that static application security testing (SAST) and dynamic application security testing (DAST) tools automatically scan the applications that are built.
Because of this, automated processes are prioritized over manual ones (although manual processes are still required for the security-critical areas of an application).
DevOps processes and toolchains must incorporate security as code. These tools and their automation must fit the Continuous Delivery architecture.
Infrastructure as Code (IaC)
This refers to the collection of DevOps tools used to configure and update infrastructure components in order to provide a secure and controlled deployment environment.
Tools such as Chef, Ansible, and Puppet are commonly used in this process.
IaC means using the same code development guidelines to manage operational infrastructure, as opposed to making manual configuration updates or changes with one-off scripts.
As a result, rather than trying to patch and update deployed servers, a system issue calls for deploying a configuration-controlled server.
Before the application is launched, SecDevOps applies continuous and automated security testing. Issue tracking is used to ensure that any flaws are detected early.
In addition, it uses automation and testing to provide effective security checks throughout the software development cycle.
Why does a business need SecDevOps?
In today's digital age, security must be front and center and a top priority for the whole organization.
By putting a SecDevOps model in place, a company shows that it is proactive rather than reactive when it comes to security.
A company-wide "Security First" mindset encourages the development of robust, reliable systems and stable applications.
In today's highly competitive IT market, organizations cannot afford to have security flaws in their production systems.
Attacks that use exploits are costly and often leave a system or an organization unusable. SecDevOps within an organization creates a continuous focus on security at every stage of the pipeline.
Knowing that you are creating programs and systems with the features and functionality customers want gives you peace of mind.
To ensure that the business complies with security best practices, standards, and the law, it is recommended that the Security Team be involved early and often in all engineering and non-engineering initiatives.
How does SecDevOps work?
SecDevOps is concerned with shifting security left. This means everyone must take responsibility for security from the very start, even during planning, instead of implementing an incident-response process.
Compared with the traditional waterfall approach, which places security at the end of the lifecycle, this is a significant change. Security must be considered in every decision and throughout the development lifecycle.
In addition to using threat models, they support a test-driven development environment with security test cases.
You must ensure that automated security testing and continuous integration are built into the process.
To find an application's vulnerabilities, SecDevOps requires a thorough understanding of how the application works.
Once you know this, you can protect it better against security risks. Threat models are often used to do this throughout the development lifecycle.
To understand better how it works, let's look at a typical SecDevOps process.
The developers use a version control management system. As a result, communication on such projects is coordinated, and they can keep track of any change across the software development steps.
When working on a collaborative coding project, developers can easily separate their work by using branches.
- The developer first writes the code in the system.
- The changes are then committed to the system.
- The code is then retrieved from the system and reviewed by another developer. To find security flaws or vulnerabilities, the code is statically analyzed at this stage.
A typical SecDevOps process continues as follows after this stage:
- Creating a deployment environment for the application and applying security settings to the system with an IaC technology such as Puppet, Chef, or Ansible.
- Running backend, integration, API, security, and UI tests as part of an automated test suite against the newly deployed application.
- Deploying the application to a test environment and running automated dynamic tests against it.
- Once these tests pass, deploying the application to the production environment.
- Continuously monitoring the production environment for any active security concerns.
Benefits of SecDevOps
In SecDevOps, the security team establishes baseline policies up front.
These rules can cover things such as coding standards, testing recommendations, guidance on static and dynamic analysis, restrictions on the use of weak encryption and insecure APIs, and so on.
In addition, they define the items that may require action by the security team (for example, changes to the authentication or authorization model, or other security-critical areas).
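As an added example (not from the original article or any particular tool), the Python code below expresses such a baseline policy as code: a pre-merge gate that blocks calls to weak hash functions or unsafe APIs and flags changes under authentication paths for security-team review, which is also the static check the code-review stage of the pipeline calls for. The banned-call list, the `auth/` and `authz/` prefixes, and all function names are assumptions made for illustration.

```python
import ast

# Hypothetical baseline policy from the security team (all names are assumptions).
BANNED_CALLS = {"hashlib.md5": "weak hash", "hashlib.sha1": "weak hash",
                "pickle.loads": "unsafe deserialization"}
REVIEW_PREFIXES = ("auth/", "authz/")  # changes here need a security-team review
# Constructed sample change set (not from any real repository).
SAMPLE = {"auth/login.py": "from hashlib import md5\ntoken = md5(b'x').hexdigest()\n"}

def _aliases(tree):
    """Map local names to qualified ones, e.g. 'md5' -> 'hashlib.md5'."""
    names = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                names[a.asname or a.name] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                names[a.asname or a.name] = f"{node.module}.{a.name}"
    return names

def _qualified(func, names):
    """Resolve a call target such as h.md5 or md5 to its qualified name."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if not isinstance(func, ast.Name):
        return None
    return ".".join([names.get(func.id, func.id)] + parts[::-1])

def evaluate_change(files):
    """files maps path -> Python source. Returns (verdict, findings)."""
    findings = []
    for path, source in sorted(files.items()):
        if path.startswith(REVIEW_PREFIXES):
            findings.append(("review", path, 0, "touches auth code"))
        try:
            tree = ast.parse(source)
        except SyntaxError as exc:
            findings.append(("block", path, exc.lineno or 0, "does not parse"))
            continue
        names = _aliases(tree)
        for call in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
            name = _qualified(call.func, names)
            if name in BANNED_CALLS:
                findings.append(("block", path, call.lineno, f"{name}: {BANNED_CALLS[name]}"))
    kinds = {kind for kind, *_ in findings}
    verdict = "block" if "block" in kinds else "needs-review" if kinds else "pass"
    return verdict, findings
```

Resolving import aliases through the syntax tree catches `from hashlib import md5` and `import hashlib as h`, which a plain text search for `hashlib.md5` would miss.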
The development team gains security skills through its involvement in the process.
This ensures that the end result of the pipeline has the fewest possible security flaws. If a vulnerability persists, it becomes easier to investigate, update the process, and make improvements.
Root cause analysis makes it easier to make the necessary changes to security rules and standards.
To put it another way, the result gets better with each cycle. Keeping any increase in cycle time small is another goal of iterative improvement.
The following are a few of the most important benefits of SecDevOps:
- The ability to respond quickly to changes and requirements
- Early detection of code vulnerabilities
- Improved agility and speed for security teams
- More team collaboration and communication
- Freeing team members, through automation, to work on higher-value tasks
- More opportunities for quality and security testing, and for automated builds
Effective SecDevOps Strategies
SecDevOps brings security, development, and operations together and helps them all work toward one goal by improving team performance, processes, and tools.
Because of cultural resistance, poor team communication, or time constraints, building security into your DevOps workflow can be daunting.
While there is no single approach that every firm can use to build a successful SecDevOps process, there are certain pointers and strategies that can help.
Start by implementing secure development and training.
This does not mean you must force your engineers to become security experts or to master sophisticated security tools.
But you do want to think about teaching them security practices that will help protect your system.
To ensure that your developers can quickly understand and apply sound security practices, you should provide security training tailored specifically to them.
Use version control in all situations.
In a DevOps environment, all application software, templates, diagrams, and scripts must use appropriate versioning tools and strategies.
Version control brings many security benefits, and it makes it possible to:
- Determine which build or feature was in use when a security problem occurs.
- Keep track of development activities to comply with regulatory standards.
- Check for and detect any risky or vulnerable components that have been added to the development process.
Adopt a People-Centric Security Mindset
Implementing security should not fall under the control of a single team.
To ensure that everyone accepts responsibility for adhering to security standards, your firm must adopt a people-centric security culture.
In addition to security training, encourage developers, testers, and other staff to take personal responsibility for security.
Security monitoring is important, but security must also come from within each person, and every team member should take responsibility for it.
Automate Routine Work
Most established DevSecOps processes use automation often and early.
For example, automated security tests make it easier to spot flaws in your code, which speeds up development and increases developer productivity.
This is especially true in large firms, where engineers push many versions of code throughout the day.
Limitations of SecDevOps
Although SecDevOps is the most recent approach to application development and offers many advantages over conventional techniques, it also has a few limitations, listed below.
- It cannot be rolled out quickly because it is a lengthy process.
- Developers must be trained in secure coding practices and common vulnerabilities, which takes additional time and resources.
- A conflict of interest can arise if the application is not subjected to independent security testing.
- The planning phase of application development may initially take longer because of the extensive definition of policies and procedures.
Conclusion
As security teams keep finding new ways of working, SecDevOps renews enthusiasm and encourages innovation.
As departments work with one another instead of forming competing silos, it promotes organizational growth.
Implementing SecDevOps provides significant technical and financial benefits to businesses.
From the SecDevOps point of view, application development and its related processes are more secure and more productive when security is the foundation.