{"product_id":"devsecops-pipelines-a-practical-guide-to-integrating-sast-dast-and-vulnerability-management-into-modern-ci-cd-workflows-9798277010181","title":"DevSecOps Pipelines: A Practical Guide to Integrating SAST, DAST, and Vulnerability Management into Modern CI\/CD Workflows.","description":"\u003cp\u003e • Author(s): Brian C. Willard\u003cbr\u003e • Publisher: Independently Published\u003cbr\u003e • Publisher Imprint: Independently Published\u003cbr\u003e • BISAC: Security - General\u003c\/p\u003e\u003cp\u003e\u003cb\u003eStop Choosing Between Speed and Security. Build the Ironclad Pipeline.\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e\u003c\/p\u003eIn the high-velocity world of modern software development, the traditional security model is broken. For years, engineering teams have been forced to accept a dangerous trade-off: move fast and break things, or move slow and stay secure. The \"Department of No\" sets up gates that kill innovation, while developers bypass controls to meet deadlines, leaving production environments exposed to catastrophic risk.\u003cbr\u003eIt does not have to be this way.\u003cbr\u003e\u003cb\u003eDevSecOps Pipelines: A Practical Guide to Integrating SAST, DAST, and Vulnerability Management into Modern CI\/CD Workflows\u003c\/b\u003e is the definitive field manual for the engineer who refuses to compromise. This book moves beyond high-level theory to provide a hands-on, code-first blueprint for automating security at the speed of DevOps.\u003cbr\u003eWritten for DevOps engineers, security practitioners, and software architects, this guide deconstructs the \"Ironclad Pipeline\": a system where security is not a hurdle, but a seamless, invisible quality attribute baked into every commit. 
\u003cp\u003e\u003c\/p\u003e\u003cb\u003eInside, you will discover how to: \u003c\/b\u003e\u003cul\u003e\n\u003cli\u003e\n\u003cb\u003eOperationalize the \"Shift Left\": \u003c\/b\u003e Move security analysis from the weeks-long pre-production audit directly into the developer's IDE and Pull Request workflow, reducing the cost of remediation by orders of magnitude.\u003c\/li\u003e\n\u003cli\u003e\n\u003cb\u003eMaster the Triad of Scanning: \u003c\/b\u003e Dive deep into the technical implementation of Static Analysis (SAST) to catch bad code, Dynamic Analysis (DAST) to simulate attacker behavior, and Software Composition Analysis (SCA) to hunt down the hidden risks in your third-party dependency chain.\u003c\/li\u003e\n\u003cli\u003e\n\u003cb\u003eSecure the Supply Chain: \u003c\/b\u003e Learn to generate and manage Software Bills of Materials (SBOMs), sign container images for provenance, and automate the patching of vulnerabilities using intelligent bots.\u003c\/li\u003e\n\u003cli\u003e\n\u003cb\u003eCodify Governance: \u003c\/b\u003e Replace dusty PDF policy documents with executable Policy-as-Code (PaC) using Open Policy Agent (OPA), ensuring that no insecure infrastructure ever reaches your Kubernetes cluster.\u003c\/li\u003e\n\u003cli\u003e\n\u003cb\u003eEliminate Alert Fatigue: \u003c\/b\u003e Implement advanced strategies for vulnerability aggregation, deduplication, and baseline management using tools like DefectDojo to turn a flood of noise into actionable signal.\u003c\/li\u003e\n\u003cli\u003e\n\u003cb\u003eOrchestrate the Gate: \u003c\/b\u003e Design sophisticated Quality Gates that can distinguish between a \"blocking\" critical risk and \"non-blocking\" technical debt, utilizing waivers and SLAs to keep the business moving.\u003c\/li\u003e\n\u003c\/ul\u003eFrom hardening Dockerfiles and terraforming secure cloud infrastructure to translating technical metrics into executive-level risk narratives, this book covers the full spectrum of the DevSecOps lifecycle. \u003cp\u003e\u003c\/p\u003eWhether you are building your first pipeline in GitHub Actions or managing a complex enterprise fleet in Jenkins, this book provides the scripts, strategies, and architectural patterns you need to transform your organization. \u003cp\u003e\u003c\/p\u003e\u003cb\u003eDon't just find bugs. Eliminate the possibility of them ever reaching production.\u003c\/b\u003e","brand":"Independently Published","offers":[{"title":"Paperback","offer_id":46862040137879,"sku":"9798277010181","price":2226.0,"currency_code":"INR","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0666\/3471\/1191\/files\/9798277010181.webp?v=1769964502","url":"https:\/\/atlanticbooks.com\/products\/devsecops-pipelines-a-practical-guide-to-integrating-sast-dast-and-vulnerability-management-into-modern-ci-cd-workflows-9798277010181","provider":"Atlantic Books","version":"1.0","type":"link"}