Chapter Ten · Part 3: Keeping It Running

Security Along the Way

Security used to be the last gate before a release — a separate team inspecting the finished product, often too late to do much about it. DevOps moves it the other way: into every step, as part of how the software is built and run. This chapter is the gentle version of that idea — why security belongs in the loop, where the most common slip-ups happen, and how teams catch problems early.


Up to now this course has followed a change as it travels the loop — written, version-controlled, built, tested, packaged, deployed, and watched. Security is the thread that has to run through all of it. Treated as a final checkpoint, it slows everything down and still misses things; woven into each stage, it becomes just another part of doing the work well.

Three short topics make that concrete. First, why bolting security on at the end fails, and what "build it in" means instead. Then the single most common real-world slip — putting passwords and keys directly in the code — and where they should go instead. And finally how the pipeline can scan each change for known security problems automatically, catching them early rather than at release.

Security isn't a final gate — it rides along the whole loop
Write code: secrets kept out
Pipeline: scanned on each change
Deploy: reviewed rollout
Run: watched in production

Topics in This Chapter