Measuring DevSecOps: building metrics to understand effectiveness and success.
DevSecOps has recently become indispensable DevOps world part and continues the road to maturity. Most commonly, DevSecOps narrows to implementing security automation tasks in build and release pipeline. By leveraging automation, teams can apply security patches, provision shielded servers, scan code for security and deploy better-protected applications at a faster pace.
The benefits of taking a DevSecOps approach are easy to explain and natively visible for development and security teams. But how do you know that DevSecOps is working?
In today's milestone of DevSecOps, you need to measure your security to demonstrate success and drive further transformation.What marks a high-secure team? Which KPIs can tell you what's working and what's not—and lead you to the insight that will explain why? What do you measure, how do you measure it, and what do the numbers say in reality? This talk outlines the most relevant KPIs that will create the foundation of DevSecOps metrics. The exercise that will continue to evolve as DevSecOps methodology becomes more established in teams of all type. You will learn how to determine which security KPIs are essential to track for your team, how to do that, and how to visualize the metrics. The session goes from theory by introducing the metrics framework to technical demo's based on Azure DevOps and supportive tools.