Learn DevSecOps Fundamentals

Learning Objectives

After completing this unit, you’ll be able to:

  • Describe how DevSecOps helps manage the development lifecycle.
  • Identify the business value of effective DevSecOps practices.
  • Summarize common DevSecOps challenges.

Note

This module is sponsored by and produced in collaboration with Flosum, which owns, supports, and maintains the Flosum products, services, and features described here. Use of Flosum products, services, and features is governed by privacy policies and service agreements maintained by Flosum. Learn more about partner content on Trailhead.

DevSecOps Fundamentals

We’re living in an age of rapid—and constant—digital innovation. Every day, we witness advancements in technologies such as artificial intelligence (AI), the Internet of Things (IoT), robotics, and 3D printing. As a result, customers expect the latest and the greatest products and services delivered right to their fingertips.

Companies have to be able to provide continuous, high-quality software releases to keep pace with these speed-of-light shifts. But they also have to stay compliant with regulatory guidelines and maintain the security and integrity of customer data. 

[Image: A scale balancing a clock on the left and a shield with a lock on the right]

So, how do businesses strike this delicate balance between speed and security? By implementing a methodology called DevSecOps, which is short for “development, security, and operations.”

Both DevOps and DevSecOps break down traditional barriers between development teams (developers, quality assurance analysts, and systems analysts) and operations teams (release managers and administrators). But while DevOps focuses on allowing these teams to quickly and effortlessly collaborate and communicate, DevSecOps includes a set of practices and tools that add an extra layer of security to the entire software-development process.

Successful DevSecOps practices: 

  • Eliminate disparate, siloed tools, which helps teams remain aligned and agile.
  • Automate tasks and audit trails, which keeps teams productive and efficient.
  • Create a culture of shared responsibility, which fosters team transparency and trust.

More specifically, DevSecOps helps businesses streamline and securely manage a release throughout the entire development lifecycle, which typically includes the following stages:

| Lifecycle Stage | Description |
|---|---|
| Plan | The team creates a roadmap for the release to guide the development process and help the project stay on track. |
| Code | A developer writes the code for the release, adhering to any technical requirements and security standards. |
| Build | A developer commits their code to a shared code repository, where another developer reviews the changes and identifies conflicts with other developers’ code. The author of the code resolves any conflicts, and the code is approved. |
| Test | If the build is successful, it’s deployed to a staging environment with other developers’ changes, where it ideally undergoes user acceptance testing (UAT) and security testing. |
| Release | The build is shifted to the production environment. |
| Deploy | After successful testing, the release goes “live” for customer use. |
| Operate | The operations team makes sure that the release is running smoothly and gathers user feedback. |
| Monitor | The operations team continues to collect data and provide analytics on errors, performance, and user behavior that will inform future releases. |

[Image: The DevSecOps lifecycle symbol with a shield in the background]

Having a DevSecOps methodology in place that helps facilitate continuous, high-quality, and compliant releases is incredibly valuable to businesses. Let’s dig into the details to find out why. 

The Business Value of DevSecOps

By implementing effective DevSecOps practices, companies experience a multitude of benefits, including:

  • Improved collaboration and visibility that boosts productivity and efficiency.
  • An accelerated release lifecycle that facilitates faster innovation and responses to market changes.
  • Increased security and compliance that protects data without compromising speed of release.

In short, companies that adopt DevSecOps practices experience an overall optimization of business. Just take a look at the numbers: 96% of respondents to a 2021 Security Compass survey said that their organization would benefit from automatic security and compliance processes, a key principle of DevSecOps. Fifty-four percent acknowledged that embracing DevSecOps best practices improved security, quality, or resilience, while 30% credited DevSecOps with bringing applications to market faster.

It’s no wonder, then, that DevSecOps is becoming a booming market. According to a report by Data Bridge Market Research, the global DevSecOps market is expected to reach $23.16 billion USD by 2029 and is forecasted to register a compound annual growth rate (CAGR) of 31.5% from 2022–2029.

Implementing a DevSecOps methodology has an enormous positive impact on customers, prospective customers, and, ultimately, the bottom line. But it’s not without its challenges. 

Common DevSecOps Challenges

Despite their best efforts, some companies still struggle to establish effective DevSecOps practices, as they discover that many tools can’t keep pace with constant and rapid technological innovation, which complicates the release process.

In addition to facing these broader challenges, companies encounter several specific roadblocks as they attempt to put DevSecOps practices in place. Take a look: 

| Challenge | Description |
|---|---|
| Siloed solutions | Disparate, disconnected DevSecOps tools limit project visibility, prevent teams from collaborating effectively, and slow down the release process. |
| Limited security features | DevSecOps solutions that don’t prioritize secure architecture and risk management create data vulnerabilities and compromise compliance. |
| Lack of version controls | Developers cannot be sure that they’re working with the correct release of a program if their DevSecOps solution isn’t capable of keeping track of changes to the code. |
| Limited integrations | DevSecOps solutions that aren’t integrated (or have limited integration) with third-party tools create inflexibility and often require teams to build their own ineffective solutions to fill in gaps. |

Companies looking to enhance Salesforce solutions find themselves particularly challenged, as some DevSecOps tools aren’t built specifically for Salesforce, which can hamper the speed and efficiency of the development process. 

To overcome these obstacles, companies need not only a cohesive suite of tools that provides end-to-end support, security, and optimization throughout the entire development lifecycle but also one that seamlessly integrates with Salesforce. 

Flosum is one such DevSecOps solution. In the next unit, learn how the Flosum platform helps organizations establish strong DevSecOps practices that overcome these challenges.
