{"id":718,"date":"2024-04-08T19:00:38","date_gmt":"2024-04-08T19:00:38","guid":{"rendered":"https:\/\/afshin-soltani.com\/?p=718"},"modified":"2024-12-10T00:57:19","modified_gmt":"2024-12-10T00:57:19","slug":"embedding-security-into-the-software-development-life-cycle-with-devsecops","status":"publish","type":"post","link":"https:\/\/afshin-soltani.com\/?p=718","title":{"rendered":"Embedding Security into the Software Development Life Cycle with DevSecOps"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"718\" class=\"elementor elementor-718\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5a013a1b e-flex e-con-boxed e-con e-parent\" data-id=\"5a013a1b\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-687d21b2 elementor-widget elementor-widget-text-editor\" data-id=\"687d21b2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2>DevSecOp\u00a0<\/h2><p>In today\u2019s interconnected and fast-paced digital landscape, software development must go beyond delivering functionality to ensuring robust defenses against ever-evolving cybersecurity threats. With organizations rapidly adopting agile methodologies, integrating security into the Software Development Life Cycle (SDLC) has become a critical strategy. DevSecOps\u2014an approach that merges Development, Security, and Operations\u2014meets this challenge by fostering a culture of shared responsibility and continuous enhancement.<\/p><p>Unlike traditional methods where security is tacked on at the end, DevSecOps embeds security throughout the SDLC, creating a seamless integration that allows organizations to deliver secure, scalable, and compliant software at unprecedented speed.<\/p><p><img decoding=\"async\" src=\"https:\/\/b3397182.smushcdn.com\/3397182\/wp-content\/uploads\/2022\/05\/Copy-of-Beacon-Security-Model_v2-01.png?lossy=1&amp;strip=1&amp;webp=1\" alt=\"How DevSecOps Helps Beacon and Our Customers Build Secure Systems - Beacon Platform Inc.\" \/><\/p><h2>What Makes DevSecOps Essential?<\/h2><p>Traditional software development often treated security as a separate phase, creating vulnerabilities that were expensive to fix and left applications exposed to risks. DevSecOps redefines this process by embedding security practices into every stage of development. This proactive approach yields several benefits:<\/p><ul><li><strong>Proactive Defense:<\/strong> By addressing vulnerabilities early, DevSecOps prevents breaches, mitigating risks to operations and reputation.<\/li><li><strong>Reduced cost<\/strong><strong>:<\/strong> Fixing vulnerabilities during development is exponentially cheaper than post-deployment fixes.<\/li><li><strong>Regulatory Compliance<\/strong><strong>:<\/strong> Adhering to frameworks like GDPR, CCPA, CPRA, CDPA, ISO27K, NIST, as such is simplified with integrated security practices.<\/li><\/ul><h5><strong>Make sure to adopt a Shift-Left Mindset<\/strong>:<\/h5><p>Emphasize early security interventions by training teams and introducing security practices in the initial stages of development.<\/p><h3>Core Principles of DevSecOps<\/h3><h5><strong> 1. Automation and Scalability<\/strong><strong>:<\/strong><\/h5><p>Automate tasks like code scanning, testing, and compliance checks. Use technologies like Infrastructure as Code (IaC) and Security as Code (SaC) to ensure consistency and scalability.<\/p><h5>2. Iterative Development:<\/h5><p>Replace traditional monolithic workflows with smaller, frequent updates to accelerate feedback and adaptability.<\/p><h5>3. Collaborative Governance:<\/h5><p>Integrate cross-functional teams and adopt a culture where security is a shared responsibility among developers, operators, and security experts.<\/p><p>\u00a0<\/p><h3>How DevSecOps Works Across the SDLC<\/h3><div><img decoding=\"async\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2020\/04\/devsecops-lifecycle-1-1024x533.png\" \/><\/div><p>Image source: <a href=\"https:\/\/dodcio.defense.gov\/Portals\/0\/Documents\/DoD%20Enterprise%20DevSecOps%20Reference%20Design%20v1.0_Public%20Release.pdf?ver=2019-09-26-115824-583\">The U.S Department of Defense<\/a><\/p><h4><strong>1. Planning Phase: Integrating Security from the Start<\/strong><\/h4><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><p>In DevSecOps, security considerations are embedded at the planning stage. Teams identify potential risks and define requirements to incorporate secure architecture and frameworks.<\/p><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><ul><li>Conduct threat modeling to anticipate vulnerabilities.<!-- \/wp:paragraph --><!-- wp:paragraph --><\/li><li>Define secure coding standards for developers.<!-- \/wp:paragraph --><!-- wp:paragraph --><\/li><li>Plan for automated security testing within the CI\/CD pipeline.<\/li><\/ul><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><h4><strong>2. Development and Build Phase: Security in Code<\/strong><\/h4><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><p>Developers are equipped with tools and training to write secure code from the outset.<\/p><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><p>\u2022 Use <strong>Static Application Security Testing (SAST)<\/strong> tools to identify vulnerabilities in source code during development.<\/p><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><ul><li>Adopt secure coding frameworks and libraries vetted for vulnerabilities.<!-- \/wp:paragraph --><!-- wp:paragraph --><\/li><li>Ensure dependencies are managed securely using tools like Software Composition Analysis (SCA).<\/li><li>Identify the potential risks continuously throughout the development.\u00a0\u00a0<\/li><\/ul><p>\u00a0<\/p><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><h4><strong>3. Testing Phase: Automated and Continuous Security Checks<\/strong><\/h4><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><p>Security testing is integrated into CI\/CD pipelines, ensuring early detection of issues.<\/p><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><p>\u2022 Perform <strong>Dynamic Application Security Testing (DAST)<\/strong> to simulate real-world attack scenarios.<\/p><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><ul><li>Implement container security tools to validate the integrity of containerized applications.<!-- \/wp:paragraph --><!-- wp:paragraph --><\/li><li>Automate regression tests to verify new changes don\u2019t introduce vulnerabilities.<\/li><\/ul><p>\u00a0<\/p><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><h4><strong>4. Release and Deployment: Built-In Security Gates<\/strong><\/h4><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><p>Before deployment, comprehensive checks ensure the application is secure and compliant.<\/p><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><ul><li>Utilize Continuous Integration\/Continuous Deployment (CI\/CD) pipelines with integrated security gates.<!-- \/wp:paragraph --><!-- wp:paragraph --><\/li><li>Apply Infrastructure as Code (IaC) principles for consistent, secure infrastructure setups.<\/li><li>Proactively monitor for potential vulnerabilities and risks<\/li><\/ul><p>\u00a0<\/p><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><h4><strong>5. Operate and Monitor: Real-Time Vigilance<\/strong><\/h4><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><p>Security doesn\u2019t stop at deployment; continuous monitoring ensures resilience against evolving threats.<\/p><p><!-- \/wp:paragraph --><!-- wp:paragraph --><\/p><ul><li>Monitor applications using tools that provide real-time dashboards of the security posture.<!-- \/wp:paragraph --><!-- wp:paragraph --><\/li><li>Use feedback loops to integrate findings into future development cycles.<!-- \/wp:paragraph --><!-- wp:paragraph --><\/li><li>Employ Active Cyber Defense (ACD) strategies to detect and respond to incidents promptly.<\/li><\/ul><p>\u00a0<\/p><h3>The Role of the Software Factory<\/h3><p>At the heart of DevSecOps lies the software factory, a modular pipeline that automates development, testing, and delivery. The factory:<\/p><ul><li>Standardizes tools and workflows.<\/li><li>Supports multi-tenancy for diverse projects<\/li><li>Ensures compliance through continuous risk assessment.<\/li><\/ul><p>By integrating security into every phase of the SDLC, DevSecOps offers a path to resilient, efficient, and compliant software development. This methodology is not just a best practice but a critical necessity in the face of modern cybersecurity challenges that are adding to the complexity of product development.<\/p><p>\u00a0<\/p><h3><b>Key Tools and Frameworks in DevSecOps<\/b><b><\/b><\/h3><p>To implement DevSecOps effectively, organizations rely on a suite of tools:<\/p><ul><li><p><b>Static Code Analysis<\/b>: SonarQube, Checkmarx.<\/p><\/li><li><p><b>Dynamic Testing<\/b>: OWASP ZAP, Burp Suite.<\/p><\/li><li><p><b>Container Security<\/b>: Kubernetes, Aqua Security.<\/p><\/li><li><p><b>CI\/CD Orchestration<\/b>: Jenkins, GitLab, CircleCI.<\/p><\/li><\/ul><p>\u00a0<\/p><h3><b>Why DevSecOps is the Future<\/b><b><\/b><\/h3><p>To wrap up, DevSecOps is more than an enhancement of traditional DevOps practices\u2014it\u2019s a transformative approach to how security is embedded into software development. By shifting security left and emphasizing automation and collaboration, organizations can deliver resilient, compliant applications at the speed of innovation. As cyber threats evolve, embracing DevSecOps is critical for not only addressing cybersecurity as one of the emerging product quality attributes but also maintaining operational excellence.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>DevSecOp\u00a0 In today\u2019s interconnected and fast-paced digital landscape, software development must go beyond delivering functionality to ensuring robust defenses against ever-evolving cybersecurity threats. With organizations rapidly adopting agile methodologies, integrating security into the Software Development Life Cycle (SDLC) has become a critical strategy. DevSecOps\u2014an approach that merges Development, Security, and Operations\u2014meets this challenge by fostering [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":779,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[28,23,21,24,27,26,25,19],"class_list":["post-718","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-agile","tag-devsecops","tag-risk-assessment","tag-sdlc","tag-secure-coding","tag-secure-development","tag-software-development-life-cycle","tag-threat-analysis"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Embedding Security into the Software Development Life Cycle with DevSecOps - Afshin Soltani<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/afshin-soltani.com\/?p=718\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Embedding Security into the Software Development Life Cycle with DevSecOps - Afshin Soltani\" \/>\n<meta property=\"og:description\" content=\"DevSecOp\u00a0 In today\u2019s interconnected and fast-paced digital landscape, software development must go beyond delivering functionality to ensuring robust defenses against ever-evolving cybersecurity threats. With organizations rapidly adopting agile methodologies, integrating security into the Software Development Life Cycle (SDLC) has become a critical strategy. DevSecOps\u2014an approach that merges Development, Security, and Operations\u2014meets this challenge by fostering [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/afshin-soltani.com\/?p=718\" \/>\n<meta property=\"og:site_name\" content=\"Afshin Soltani\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-08T19:00:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-10T00:57:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/afshin-soltani.com\/wp-content\/uploads\/2024\/04\/devsec6.png\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Afshin Soltani\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Afshin Soltani\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/?p=718#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/?p=718\"},\"author\":{\"name\":\"Afshin Soltani\",\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/#\\\/schema\\\/person\\\/5d0aeda510b6413bf1527e21ec508fe9\"},\"headline\":\"Embedding Security into the Software Development Life Cycle with DevSecOps\",\"datePublished\":\"2024-04-08T19:00:38+00:00\",\"dateModified\":\"2024-12-10T00:57:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/?p=718\"},\"wordCount\":793,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/?p=718#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/afshin-soltani.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/devsec6.png\",\"keywords\":[\"Agile\",\"DevSecOps\",\"Risk Assessment\",\"SDLC\",\"Secure coding\",\"Secure development\",\"Software Development Life Cycle\",\"Threat Analysis\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/afshin-soltani.com\\\/?p=718#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/?p=718\",\"url\":\"https:\\\/\\\/afshin-soltani.com\\\/?p=718\",\"name\":\"Embedding Security into the Software Development Life Cycle with DevSecOps - Afshin Soltani\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/?p=718#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/?p=718#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/afshin-soltani.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/devsec6.png\",\"datePublished\":\"2024-04-08T19:00:38+00:00\",\"dateModified\":\"2024-12-10T00:57:19+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/#\\\/schema\\\/person\\\/5d0aeda510b6413bf1527e21ec508fe9\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/?p=718#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/afshin-soltani.com\\\/?p=718\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/?p=718#primaryimage\",\"url\":\"https:\\\/\\\/afshin-soltani.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/devsec6.png\",\"contentUrl\":\"https:\\\/\\\/afshin-soltani.com\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/devsec6.png\",\"width\":512,\"height\":512},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/?p=718#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/afshin-soltani.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Embedding Security into the Software Development Life Cycle with DevSecOps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/#website\",\"url\":\"https:\\\/\\\/afshin-soltani.com\\\/\",\"name\":\"Afshin Soltani\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/afshin-soltani.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/afshin-soltani.com\\\/#\\\/schema\\\/person\\\/5d0aeda510b6413bf1527e21ec508fe9\",\"name\":\"Afshin Soltani\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/be6db1753ead0082991f386e88b4530dddd66410724db401e968e0af00d60236?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/be6db1753ead0082991f386e88b4530dddd66410724db401e968e0af00d60236?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/be6db1753ead0082991f386e88b4530dddd66410724db401e968e0af00d60236?s=96&d=mm&r=g\",\"caption\":\"Afshin Soltani\"},\"url\":\"https:\\\/\\\/afshin-soltani.com\\\/?author=2\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Embedding Security into the Software Development Life Cycle with DevSecOps - Afshin Soltani","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/afshin-soltani.com\/?p=718","og_locale":"en_US","og_type":"article","og_title":"Embedding Security into the Software Development Life Cycle with DevSecOps - Afshin Soltani","og_description":"DevSecOp\u00a0 In today\u2019s interconnected and fast-paced digital landscape, software development must go beyond delivering functionality to ensuring robust defenses against ever-evolving cybersecurity threats. With organizations rapidly adopting agile methodologies, integrating security into the Software Development Life Cycle (SDLC) has become a critical strategy. DevSecOps\u2014an approach that merges Development, Security, and Operations\u2014meets this challenge by fostering [&hellip;]","og_url":"https:\/\/afshin-soltani.com\/?p=718","og_site_name":"Afshin Soltani","article_published_time":"2024-04-08T19:00:38+00:00","article_modified_time":"2024-12-10T00:57:19+00:00","og_image":[{"width":512,"height":512,"url":"https:\/\/afshin-soltani.com\/wp-content\/uploads\/2024\/04\/devsec6.png","type":"image\/png"}],"author":"Afshin Soltani","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Afshin Soltani","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/afshin-soltani.com\/?p=718#article","isPartOf":{"@id":"https:\/\/afshin-soltani.com\/?p=718"},"author":{"name":"Afshin Soltani","@id":"https:\/\/afshin-soltani.com\/#\/schema\/person\/5d0aeda510b6413bf1527e21ec508fe9"},"headline":"Embedding Security into the Software Development Life Cycle with DevSecOps","datePublished":"2024-04-08T19:00:38+00:00","dateModified":"2024-12-10T00:57:19+00:00","mainEntityOfPage":{"@id":"https:\/\/afshin-soltani.com\/?p=718"},"wordCount":793,"commentCount":0,"image":{"@id":"https:\/\/afshin-soltani.com\/?p=718#primaryimage"},"thumbnailUrl":"https:\/\/afshin-soltani.com\/wp-content\/uploads\/2024\/04\/devsec6.png","keywords":["Agile","DevSecOps","Risk Assessment","SDLC","Secure coding","Secure development","Software Development Life Cycle","Threat Analysis"],"articleSection":["Cybersecurity"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/afshin-soltani.com\/?p=718#respond"]}]},{"@type":"WebPage","@id":"https:\/\/afshin-soltani.com\/?p=718","url":"https:\/\/afshin-soltani.com\/?p=718","name":"Embedding Security into the Software Development Life Cycle with DevSecOps - Afshin Soltani","isPartOf":{"@id":"https:\/\/afshin-soltani.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/afshin-soltani.com\/?p=718#primaryimage"},"image":{"@id":"https:\/\/afshin-soltani.com\/?p=718#primaryimage"},"thumbnailUrl":"https:\/\/afshin-soltani.com\/wp-content\/uploads\/2024\/04\/devsec6.png","datePublished":"2024-04-08T19:00:38+00:00","dateModified":"2024-12-10T00:57:19+00:00","author":{"@id":"https:\/\/afshin-soltani.com\/#\/schema\/person\/5d0aeda510b6413bf1527e21ec508fe9"},"breadcrumb":{"@id":"https:\/\/afshin-soltani.com\/?p=718#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/afshin-soltani.com\/?p=718"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/afshin-soltani.com\/?p=718#primaryimage","url":"https:\/\/afshin-soltani.com\/wp-content\/uploads\/2024\/04\/devsec6.png","contentUrl":"https:\/\/afshin-soltani.com\/wp-content\/uploads\/2024\/04\/devsec6.png","width":512,"height":512},{"@type":"BreadcrumbList","@id":"https:\/\/afshin-soltani.com\/?p=718#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/afshin-soltani.com\/"},{"@type":"ListItem","position":2,"name":"Embedding Security into the Software Development Life Cycle with DevSecOps"}]},{"@type":"WebSite","@id":"https:\/\/afshin-soltani.com\/#website","url":"https:\/\/afshin-soltani.com\/","name":"Afshin Soltani","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/afshin-soltani.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/afshin-soltani.com\/#\/schema\/person\/5d0aeda510b6413bf1527e21ec508fe9","name":"Afshin Soltani","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/be6db1753ead0082991f386e88b4530dddd66410724db401e968e0af00d60236?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/be6db1753ead0082991f386e88b4530dddd66410724db401e968e0af00d60236?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/be6db1753ead0082991f386e88b4530dddd66410724db401e968e0af00d60236?s=96&d=mm&r=g","caption":"Afshin Soltani"},"url":"https:\/\/afshin-soltani.com\/?author=2"}]}},"_links":{"self":[{"href":"https:\/\/afshin-soltani.com\/index.php?rest_route=\/wp\/v2\/posts\/718","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afshin-soltani.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afshin-soltani.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afshin-soltani.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/afshin-soltani.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=718"}],"version-history":[{"count":32,"href":"https:\/\/afshin-soltani.com\/index.php?rest_route=\/wp\/v2\/posts\/718\/revisions"}],"predecessor-version":[{"id":757,"href":"https:\/\/afshin-soltani.com\/index.php?rest_route=\/wp\/v2\/posts\/718\/revisions\/757"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/afshin-soltani.com\/index.php?rest_route=\/wp\/v2\/media\/779"}],"wp:attachment":[{"href":"https:\/\/afshin-soltani.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afshin-soltani.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afshin-soltani.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}