Secure SDLC

Secure Software Development Life Cycle

To help you in your security journey, there are several tests and other actions that can be performed at different stages of the software lifecycle. For an idea of how and when certain tests and actions are performed, take a look at the following secure SDLC:

[Figure: Six Pillars DevSecOps diagram, from "Six Pillars of DevSecOps: Automation" by the Cloud Security Alliance]

Threat modeling and security assessments were covered in the Shift Left section of this guide, but what about the rest? In the breakdown, you'll see that each action is preceded by a trigger. For example, static testing is not done at some arbitrary point in the secure coding phase; it should specifically be done whenever there are changes to the codebase. As for the actions themselves, here's a quick overview separated by stage. (Tests that are repeated in more than one stage are listed under the first stage in which they appear.)
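One way to wire a trigger to an action as described above is to let the CI system run static testing only when source files change. The following GitHub Actions workflow is an added example, not part of this guide or the CSA document; it assumes the repository keeps its code under `src/` and uses CodeQL for static analysis (both are assumptions, and any SAST tool can take that step's place).

```yaml
# Added example: the trigger is "changes to the codebase",
# the action is static testing. Assumptions: source lives under
# src/ and the project is written in Python.
name: static-testing

on:
  push:
    paths:
      - "src/**"          # docs-only or config-only pushes do not trigger the scan
  pull_request:
    paths:
      - "src/**"

# Least privilege for the workflow token: read the repo, write only scan results.
permissions:
  contents: read
  security-events: write

jobs:
  sast:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Initialise the analyzer for the assumed project language.
      - uses: github/codeql-action/init@v3
        with:
          languages: python

      # Run the static analysis and upload findings; a failing step blocks the merge
      # when this job is made a required status check on the protected branch.
      - uses: github/codeql-action/analyze@v3
```

Because the workflow also runs on `pull_request`, the same static testing repeats in the continuous integration stage without a separate configuration, which is why such tests are listed under the first stage they appear in.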

Secure Coding

Continuous Build, Integration, and Testing

Continuous Delivery and Deployment

Runtime Defense and Monitoring