Welcome to DevSecOps!

This is your first step into our world of DevSecOps. We’re excited to have you, whether you come from a defensive security or a cloud background. This guide is designed to bridge the gap and show you how we build great software, securely, together.

You’ll hear this term a lot. At its core, DevSecOps is a cultural shift. It’s about integrating security into every phase of the software development lifecycle. Instead of security being a final check at the end of the process (a bottleneck!), we make it a shared responsibility from day one. For our cloud interns, this means thinking about security from the moment you write your first line of Terraform. For our security experts, it means understanding the development pipeline and automating security checks within it. You will have to learn from each other and work together to make this team successful!

“Shifting left” is the practical application of our DevSecOps philosophy: it means moving security practices as early as possible (to the left) in the development timeline.

  • Traditionally: Security testing happens after development is “complete.”
  • Our Way: We build security into the planning, coding, and building stages.

This approach is more efficient, less costly, and results in more secure products. You’ll see this in action when you learn about threat modeling before we code and automated security scans in our CI/CD pipelines.

Culture is the most important part of making DevSecOps successful. Here are our core values:

  • Shared Responsibility: Security isn’t just the “security team’s job.” It’s everyone’s job. Developers, operations, and security experts all own a piece of it.
  • Collaboration Over Blame: We work together to find and fix vulnerabilities. When something goes wrong, we don’t point fingers. We conduct blameless post-mortems to understand the root cause and improve our processes.
  • Automation is Key: We automate as much as we can to provide fast feedback to developers. This allows us to move quickly without sacrificing security.

What’s Next? The Secure Software Development Lifecycle (SDLC)
This wiki is structured to follow our Secure SDLC. This is the roadmap for your learning journey:

  1. Plan & Code (Secure by Design): Where we’ll cover threat modeling and secure coding.
  2. Build, Test & Deploy (The Secure Pipeline): Where we’ll dive into our tech stack like AWS, Terraform, and automated testing.
  3. Monitor & Respond (Secure Operations): Where you’ll learn about monitoring our live systems and using runbooks.

This first phase was all about the “why.” Now you’re ready to dive into the “how.”

Please don’t hesitate to reach out to your Lead with any questions. We’re here to help you succeed.

Happy coding!