DevSecOps Index
Purpose
This index is the root entry point for the DevSecOps branch of the cybersecurity atlas.
Use it to:
- connect secure development, CI/CD, dependency risk, secrets handling, and container delivery
- reason about software risk before runtime
- map security controls into the developer workflow instead of bolting them on later
- turn secure-by-design ideas into engineering practices
Use Reference Registry — DevSecOps as the source of truth for references in this branch. Return to Cybersecurity Index for root navigation across branches.
Before this branch:
- Foundations (Phase 0).
- Web Security and Cryptography — build-pipeline threats inherit both.
Recommended learning order
Phase 1 — Secure development foundations
Phase 2 — Supply chain and dependencies
Phase 3 — Pipeline and release controls
Phase 4 — Container and build delivery
Core DevSecOps cluster
Foundations
Supply chain
Pipelines and releases
Containers and delivery
Cross-links to other branches
API security
Web security
Attack surface mapping
Cloud security
Security playbooks
Suggested future notes
- iac-security
- policy-as-code
- build-isolation
- signed-releases
- dependency-confusion
- secret-scanning
- runtime-vs-build-time-controls
Possible future playbooks
- leak-secrets-from-ci
- inspect-ci-secrets-exposure
- review-container-hardening
- inspect-release-provenance
- test-dependency-risk-hotspots
Branch maintenance notes
- Keep CI/CD, dependency, build, release, and software-delivery controls in this branch.
- Keep cloud provider identity, network, storage, metadata, logging, and lab-infrastructure controls in Cloud Security.
References
- Foundational: NIST SP 800-218 SSDF — https://csrc.nist.gov/pubs/sp/800/218/final
- Foundational: CISA Secure by Design — https://www.cisa.gov/resources-tools/resources/secure-by-design
- Foundational: OWASP ASVS — https://owasp.org/www-project-application-security-verification-standard/