Google Drive
Gist
Clipboard
or
or
By clicking below, you agree to our terms of service.
Sign in with Wallet
New to HackMD? Sign up
| Syntax | Example | Reference | |
|---|---|---|---|
| # Header | Header | 基本排版 | |
| - Unordered List |
|
||
| 1. Ordered List |
|
||
| - [ ] Todo List |
|
||
| > Blockquote | Blockquote |
||
| **Bold font** | Bold font | ||
| *Italics font* | Italics font | ||
| ~~Strikethrough~~ | |||
| 19^th^ | 19th | ||
| H~2~O | H2O | ||
| ++Inserted text++ | Inserted text | ||
| ==Marked text== | Marked text | ||
| [link text](https:// "title") | Link | ||
|  | Image | ||
| `Code` | Code |
在筆記中貼入程式碼 | |
| ```javascript var i = 0; ``` |
|
||
| :smile: |  |
Emoji list | |
| {%youtube youtube_id %} | Externals | ||
| $L^aT_eX$ | LaTeX | ||
| :::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Do you want to remove this version name and description?
Syncing
xxxxxxxxxx-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
SubscribeSecurity!!! 不要在旁邊玩沙了!!! - 黃承皓(Thomas Huang)
Welcome to DevOps Days 2019 Collaborative Notes
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →Getting started from here: https://hackmd.io/@DevOpsDay/2019
Click top left to expand Agenda on the mobile.
在持續交付過程中時常只考慮到功能,由於時程壓力下安全的議題通常會被忽略,而時程越趕通常會導致失誤越容易發生。
而在DevOps的流程中可以將Security考慮進去。
可以在CI/CD過程中加入自動化檢測來確保交付的安全性。
權限管理很重要,可以加入多因素驗證或是IP filter等來防範外部入侵,各個使用者帳號要確保最小權限原則。
建立完善的log機制可供事後分析或是事前警報(Azure DevOps Kit)
在CI/CD中加入安全關卡,確保線上安全品質。
不斷的確保目前線上的安全的issue並將修正加入CI/CD流程。
透過smoke test來檢測報警監控機制完不完善
在流程設計中要加入回饋的機制,不斷的去優化流程,加入下一次迭代
Microsoft Security DevOps
Secure DevOps Kit for Azure
tags:
DevOpsDays Taipei 2019