Dev Sec Ops
Everything on SkillVeris tagged Dev Sec Ops — collected across the glossary, study notes, blog, and cheat sheets.
16 resources across 1 library
Interview Questions(16)
What is Docker Image Security Scanning and Why Does It Matter?
Docker image security scanning inspects the layers of a built image against known vulnerability databases (CVEs) to catch outdated packages, exposed secrets, a…
How Do You Manage Secrets in a DevOps Pipeline?
Secrets management means storing credentials, API keys, and certificates in a dedicated secrets store with encryption, access control, and audit logging, then…
What is HashiCorp Vault and How Does It Work?
HashiCorp Vault is a centralized secrets-management system that securely stores, dynamically generates, and tightly controls access to credentials, encryption…
What is mTLS and Why Use It Between Services?
Mutual TLS (mTLS) is an extension of standard TLS where both the client and the server present X.509 certificates and verify each other’s identity during the h…
What is DevSecOps and How Do You Implement It?
DevSecOps is the practice of integrating security checks and ownership directly into every stage of the DevOps pipeline — from code commit through build, test,…
SAST vs DAST: What Is the Difference?
SAST (Static Application Security Testing) scans an application’s source code, bytecode, or binaries without executing them to find vulnerabilities like SQL in…
What Are the Key Principles of Container Security?
Container security means hardening every layer of the container lifecycle — the base image, the build process, the runtime configuration, and the host kernel —…
How Does Container Image Vulnerability Scanning Work?
Container image vulnerability scanning inspects every layer of a built image — the OS packages, language dependencies, and binaries — against databases of know…
What Is Network Segmentation and Why Does It Matter?
Network segmentation is the practice of dividing a network into smaller, isolated zones with controlled traffic between them, so that a compromise in one zone…
What is Compliance as Code?
Compliance as code is the practice of expressing regulatory and internal security controls as machine-readable, version-controlled policy definitions that are…
What are CIS Benchmarks?
CIS Benchmarks are consensus-developed, vendor-neutral configuration hardening guides published by the Center for Internet Security, each providing a specific,…
What is Container Runtime Security?
Container runtime security is the practice of monitoring and constraining what a container is actually doing while it runs — its syscalls, process behavior, fi…
How Does Falco Detect Threats at Runtime?
Falco is an open-source, CNCF-graduated runtime security tool that taps into kernel syscall events using eBPF (or a kernel module driver) and evaluates them in…
What are Seccomp Profiles in Container Security?
A seccomp (secure computing mode) profile is a Linux kernel feature that restricts which system calls a process is allowed to make, and in container security i…
What Is Software Supply Chain Security in DevOps?
Software supply chain security is the practice of securing every stage that produces a running application — source code, dependencies, build systems, CI/CD pi…
What Is the SLSA Framework?
SLSA (Supply-chain Levels for Software Artifacts, pronounced 'salsa') is a security framework, originally developed at Google and now under the OpenSSF, that d…