{"id":111342,"date":"2025-02-27T16:19:53","date_gmt":"2025-02-27T14:19:53","guid":{"rendered":"https:\/\/www.dev.piisku.fi\/?post_type=blog_posts&#038;p=111342"},"modified":"2025-05-27T14:42:52","modified_gmt":"2025-05-27T11:42:52","slug":"part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops","status":"publish","type":"blog_posts","link":"https:\/\/www.dev.piisku.fi\/fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops","title":{"rendered":"PART 3 \u2013 Navigating security challenges: The Secure Software Development Lifecycle meets DevOps"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><div data-parent=\"true\" class=\"vc_row row-container\" id=\"row-unique-0\"><div class=\"row no-top-padding no-bottom-padding no-h-padding full-width row-parent\"><div class=\"wpb_row row-inner\"><div class=\"wpb_column pos-top pos-center align_left column_parent col-lg-12 single-internal-gutter\"><div class=\"uncol style-light\"  ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"vc_row row-internal row-container\"><div class=\"row row-child\"><div class=\"wpb_row row-inner\"><div class=\"wpb_column pos-top pos-center align_left column_child col-lg-12 half-internal-gutter\"><div class=\"uncol style-light\" ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"uncode_text_column\" ><p>In part 3 of this series, we\u2019ll describe the post-implementation phases of a secure software development lifecycle, or SSDLC.<\/p>\n<\/div><div class=\"vc_custom_heading_wrap \"><div class=\"heading-text el-text\" ><h2 class=\"h4 text-accent-color\" ><span><strong>Release and deployment<\/strong><\/span><\/h2><\/div><div class=\"clear\"><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"vc_row row-internal row-container\"><div class=\"row col-half-gutter row-child\"><div class=\"wpb_row row-inner\"><div class=\"wpb_column pos-top pos-center align_left column_child col-lg-6 single-internal-gutter\"><div class=\"uncol style-light\" ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"uncode-single-media  text-left\"><div class=\"single-wrapper\" style=\"max-width: 400px;\"><div class=\"tmb tmb-light  tmb-media-first tmb-media-last tmb-content-overlay tmb-no-bg\"><div class=\"t-inside\"><div class=\"t-entry-visual\"><div class=\"t-entry-visual-tc\"><div class=\"uncode-single-media-wrapper\"><img decoding=\"async\" class=\"wp-image-111248\" src=\"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4.jpeg\" width=\"1024\" height=\"1024\" alt=\"\" srcset=\"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4.jpeg 1024w, https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4-300x300.jpeg 300w, https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4-150x150.jpeg 150w, https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4-768x768.jpeg 768w, https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4-350x350.jpeg 350w, https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4-348x348.jpeg 348w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"wpb_column pos-top pos-center align_left column_child col-lg-6 single-internal-gutter\"><div class=\"uncol style-light\" ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"uncode_text_column\" ><p>At this phase of the release, the artefacts that are ready are deployed into the production environment. In DevOps, this phase is often called the \u201cpackage and release\u201d phase. The aim of this phase is to ensure the security and integrity of deliverables are not compromised during deployment. The released artefacts are integrity checked to ensure the pipeline has remained intact throughout the release process. If the release is a first-time launch of a new system, this is the last point at which rigorous acceptance testing, including security tests, can be performed.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"vc_row row-internal row-container\"><div class=\"row row-child\"><div class=\"wpb_row row-inner\"><div class=\"wpb_column pos-top pos-center align_left column_child col-lg-12 double-internal-gutter\"><div class=\"uncol style-light\" ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"uncode_text_column\" ><p>The deployment process should be planned and implemented in a way that allows minimum possibility of human error. Infrastructure as code, or IaC, supports this ideology, but there are a wide range of configurations\u2014platform, cloud, application, and database\u2014all of which should be tested and verified from a security perspective.<\/p>\n<p>The release and deployment phase contains processes and procedures for preparing the delivered system or system functionalities for the centralized logging system. The log delivery mechanism and log monitoring process are activated, and the possible Security Operations Center, or SOC, begins actively monitoring the deployed system.<\/p>\n<p>Implementation, testing and verification, and release and deployment are heavily supported by an automated CI\/CD pipeline.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"vc_row row-internal row-container\"><div class=\"row row-child\"><div class=\"wpb_row row-inner\"><div class=\"wpb_column pos-top pos-center align_left column_child col-lg-12 half-internal-gutter\"><div class=\"uncol style-light\" ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"vc_custom_heading_wrap \"><div class=\"heading-text el-text\" ><h2 class=\"h4 text-accent-color\" ><span><strong>Maintenance<\/strong><\/span><\/h2><\/div><div class=\"clear\"><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"vc_row row-internal row-container\"><div class=\"row col-half-gutter row-child\"><div class=\"wpb_row row-inner\"><div class=\"wpb_column pos-top pos-center align_left column_child col-lg-6 single-internal-gutter\"><div class=\"uncol style-light\" ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"uncode_text_column\" ><p>Applications require continued attention after they\u2019re put into production. Maintenance can be viewed as part of the development cycle; it is typically called the \u201cmonitor\u201d phase in DevOps. This may seem easy enough if application development continues after production deployment, but what happens to maintenance of the deployed application if the team moves on to the next project?<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><div class=\"wpb_column pos-top pos-center align_left column_child col-lg-6 single-internal-gutter\"><div class=\"uncol style-light\" ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"uncode-single-media  text-left\"><div class=\"single-wrapper\" style=\"max-width: 400px;\"><div class=\"tmb tmb-light  tmb-media-first tmb-media-last tmb-content-overlay tmb-no-bg\"><div class=\"t-inside\"><div class=\"t-entry-visual\"><div class=\"t-entry-visual-tc\"><div class=\"uncode-single-media-wrapper\"><img decoding=\"async\" class=\"wp-image-111252\" src=\"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-5.jpeg\" width=\"1024\" height=\"1024\" alt=\"\" srcset=\"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-5.jpeg 1024w, https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-5-300x300.jpeg 300w, https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-5-150x150.jpeg 150w, https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-5-768x768.jpeg 768w, https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-5-350x350.jpeg 350w, https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-5-348x348.jpeg 348w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"vc_row row-internal row-container\"><div class=\"row row-child\"><div class=\"wpb_row row-inner\"><div class=\"wpb_column pos-top pos-center align_left column_child col-lg-12 double-internal-gutter\"><div class=\"uncol style-light\" ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"uncode_text_column\" ><p>The dynamic nature of the threat landscape and the continuous emergence of new vulnerabilities require active monitoring of the deployed application combined with vulnerability management processes. These processes should be documented and operational, with comprehensive procedures and methodologies for effectively monitoring vulnerabilities across all layers of the technological stack and implementing processes to respond to emerging threats. The SOC (Security Operations Center) monitors the system during the maintenance phase, while the responsible party updates the stack (development, cloud, platform, and so on). The responsibilities of the various parties are defined during previous SSDLC phases.<\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"vc_row row-internal row-container\"><div class=\"row row-child\"><div class=\"wpb_row row-inner\"><div class=\"wpb_column pos-top pos-center align_left column_child col-lg-12 half-internal-gutter\"><div class=\"uncol style-light\" ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"vc_custom_heading_wrap \"><div class=\"heading-text el-text\" ><h2 class=\"h4 text-accent-color\" ><span><strong>Feedback loops<\/strong><\/span><\/h2><\/div><div class=\"clear\"><\/div><\/div><div class=\"uncode_text_column\" ><p>There\u2019s a good chance your organization&#8217;s development cycle already includes continuous improvement processes built into it. This phase may just be a matter of tweaking existing feedback processes by adding feedback from the required security controls as designed, implemented, and tested. Feedback can be automatically or manually requested or gathered from multiple sources: during project meetings, using agile methodologies, from static analysis reports, and so on.<\/p>\n<\/div><div class=\"vc_custom_heading_wrap \"><div class=\"heading-text el-text\" ><h2 class=\"h4 text-accent-color\" ><span><strong>When the lifecycle ends<\/strong><\/span><\/h2><\/div><div class=\"clear\"><\/div><\/div><div class=\"uncode_text_column\" ><p>An application eventually reaches the end of its lifecycle. It is critical to proactively plan for secure closure of a service\u2014ideally when establishing data handling requirements during the relevant design phase. What happens to data when the service is shut down? If data needs to be transferred or archived, how is this managed? The characteristics of the data and the organization&#8217;s data handling procedures inform this process.<\/p>\n<\/div><div class=\"vc_custom_heading_wrap \"><div class=\"heading-text el-text\" ><h2 class=\"h4 text-accent-color\" ><span><strong>Not all systems are equal<\/strong><\/span><\/h2><\/div><div class=\"clear\"><\/div><\/div><div class=\"uncode_text_column\" ><p>There are various methods for implementing security during system development and operation. However, not all systems involve data that necessitates the highest level of security.\u00a0 It is important to assess the right level of security and the relevant controls using a risk-based approach in adherence to the organization\u2019s risk-management processes.<\/p>\n<\/div><div class=\"vc_custom_heading_wrap \"><div class=\"heading-text el-text\" ><h2 class=\"h4 text-accent-color\" ><span><strong>Conclusion<\/strong><\/span><\/h2><\/div><div class=\"clear\"><\/div><\/div><div class=\"uncode_text_column\" ><p>Bringing robust security to daily working habits is rarely straightforward, nor does it always come easily. Leveraging Secure by Design principles during development while maintaining speed and agility may seem daunting. Acknowledging the challenges involved and dedicating the necessary resources, time, and effort can allow an organization to foster a culture of security and ultimately build more resilient and secure systems. This never-ending journey requires collaboration, ongoing education, and a commitment to prioritizing security throughout the entire DevSecOps lifecycle, without forgetting other important security aspects, such as physical security and workstation security.<\/p>\n<p>And in the long run, the rewards of enhanced security, reduced risk, and increased customer trust are well worth resources dedicated to DevSecOps. After all, you cannot outsource responsibility for security.<\/p>\n<p>Furthermore, automation, artificial Intelligence, machine learning, and large language models, or LLMs, are opening new ways of incorporating security into the development lifecycle\u2014but that\u2019s a subject for another blog.<\/p>\n<\/div><div class=\"vc_custom_heading_wrap \"><div class=\"heading-text el-text\" ><h2 class=\"h4 text-accent-color\" ><span><strong>General secure development resources<\/strong><\/span><\/h2><\/div><div class=\"clear\"><\/div><\/div><div class=\"uncode_text_column\" ><p><a href=\"https:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl\">https:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl<\/a><\/p>\n<p><a href=\"https:\/\/owasp.org\/www-pdf-archive\/Jim_Manico_(Hamburg)_-_Securiing_the_SDLC.pdf\">https:\/\/owasp.org\/www-pdf-archive\/Jim_Manico_(Hamburg)_-_Securiing_the_SDLC.pdf<\/a><\/p>\n<\/div><div class=\"vc_custom_heading_wrap \"><div class=\"heading-text el-text\" ><h2 class=\"h4 text-accent-color\" ><span><strong>Requirements resources<\/strong><\/span><\/h2><\/div><div class=\"clear\"><\/div><\/div><div class=\"uncode_text_column\" ><p><a href=\"https:\/\/owasp.org\/www-project-application-security-verification-standard\/\">https:\/\/owasp.org\/www-project-application-security-verification-standard\/<\/a><\/p>\n<p><a href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/53\/a\/r5\/final\">https:\/\/csrc.nist.gov\/pubs\/sp\/800\/53\/a\/r5\/final<\/a><\/p>\n<\/div><div class=\"vc_custom_heading_wrap \"><div class=\"heading-text el-text\" ><h2 class=\"h4 text-accent-color\" ><span><strong>Design and implementation resources<\/strong><\/span><\/h2><\/div><div class=\"clear\"><\/div><\/div><div class=\"uncode_text_column\" ><p><a href=\"https:\/\/owasp.org\/www-project-proactive-controls\/\">https:\/\/owasp.org\/www-project-proactive-controls\/<\/a><\/p>\n<p><a href=\"https:\/\/cheatsheetseries.owasp.org\/index.html\">https:\/\/cheatsheetseries.owasp.org\/index.html<\/a><\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"divider-wrapper \"  >\n    <hr class=\"separator-no-padding\"  \/>\n<\/div>\n<div class=\"vc_row row-internal row-container\"><div class=\"row row-child\"><div class=\"wpb_row row-inner\"><div class=\"wpb_column pos-top pos-center align_left column_child col-lg-2 single-internal-gutter\"><div class=\"uncol style-light\" ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"uncode-single-media  text-left\"><div class=\"single-wrapper\" style=\"max-width: 150px;\"><div class=\"tmb tmb-light  tmb-media-first tmb-media-last tmb-content-overlay tmb-no-bg\"><div class=\"t-inside\"><div class=\"t-entry-visual\"><div class=\"t-entry-visual-tc\"><div class=\"uncode-single-media-wrapper\"><img decoding=\"async\" class=\"wp-image-111026\" src=\"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2024\/11\/Mannonen_image001.png\" width=\"128\" height=\"188\" alt=\"\"><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"wpb_column pos-middle pos-center align_left column_child col-lg-10 single-internal-gutter\"><div class=\"uncol style-light\" ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"uncode_text_column\" ><p><em><strong>Jari Mannonen<\/strong> is working as the Head of Cyber Security Development at Piisku. He has over 20 years of consultancy experience in business-critical information technology and application architecture, with a focus on cybersecurity.<\/em><\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"divider-wrapper \"  >\n    <hr class=\"separator-no-padding\"  \/>\n<\/div>\n<div class=\"vc_row row-internal row-container\"><div class=\"row row-child\"><div class=\"wpb_row row-inner\"><div class=\"wpb_column pos-top pos-center align_left column_child col-lg-12 single-internal-gutter\"><div class=\"uncol style-light\" ><div class=\"uncoltable\"><div class=\"uncell no-block-padding\" ><div class=\"uncont\" ><div class=\"uncode_text_column\" ><p><em>In this article, we have used AI-generated images.<\/em><\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><script id=\"script-row-unique-0\" data-row=\"script-row-unique-0\" type=\"text\/javascript\" class=\"vc_controls\">UNCODE.initRow(document.getElementById(\"row-unique-0\"));<\/script><\/div><\/div><\/div>\n<\/div>","protected":false},"author":7,"featured_media":111248,"template":"","class_list":["post-111342","blog_posts","type-blog_posts","status-publish","has-post-thumbnail","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>PART 3 \u2013 Navigating security challenges: The Secure Software Development Lifecycle meets DevOps - Piisku<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dev.piisku.fi\/fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops\/\" \/>\n<meta property=\"og:locale\" content=\"fi_FI\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PART 3 \u2013 Navigating security challenges: The Secure Software Development Lifecycle meets DevOps - Piisku\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dev.piisku.fi\/fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops\/\" \/>\n<meta property=\"og:site_name\" content=\"Piisku\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-27T11:42:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Arvioitu lukuaika\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minuuttia\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops\",\"url\":\"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops\",\"name\":\"PART 3 \u2013 Navigating security challenges: The Secure Software Development Lifecycle meets DevOps - Piisku\",\"isPartOf\":{\"@id\":\"https:\/\/www.dev.piisku.fi\/fi\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4.jpeg\",\"datePublished\":\"2025-02-27T14:19:53+00:00\",\"dateModified\":\"2025-05-27T11:42:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops#breadcrumb\"},\"inLanguage\":\"fi\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fi\",\"@id\":\"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops#primaryimage\",\"url\":\"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4.jpeg\",\"contentUrl\":\"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4.jpeg\",\"width\":1024,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.dev.piisku.fi\/fi\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PART 3 \u2013 Navigating security challenges: The Secure Software Development Lifecycle meets DevOps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dev.piisku.fi\/fi\/#website\",\"url\":\"https:\/\/www.dev.piisku.fi\/fi\/\",\"name\":\"Piisku\",\"description\":\"Building withstanding quality technology solutions for enhanced productivity, quality, and security.\",\"publisher\":{\"@id\":\"https:\/\/www.dev.piisku.fi\/fi\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dev.piisku.fi\/fi\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fi\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.dev.piisku.fi\/fi\/#organization\",\"name\":\"Piisku Ltd\",\"url\":\"https:\/\/www.dev.piisku.fi\/fi\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fi\",\"@id\":\"https:\/\/www.dev.piisku.fi\/fi\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2022\/09\/piisku-logotiedostot-01.svg\",\"contentUrl\":\"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2022\/09\/piisku-logotiedostot-01.svg\",\"width\":1,\"height\":1,\"caption\":\"Piisku Ltd\"},\"image\":{\"@id\":\"https:\/\/www.dev.piisku.fi\/fi\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/piisku\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"PART 3 \u2013 Navigating security challenges: The Secure Software Development Lifecycle meets DevOps - Piisku","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dev.piisku.fi\/fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops\/","og_locale":"fi_FI","og_type":"article","og_title":"PART 3 \u2013 Navigating security challenges: The Secure Software Development Lifecycle meets DevOps - Piisku","og_url":"https:\/\/www.dev.piisku.fi\/fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops\/","og_site_name":"Piisku","article_modified_time":"2025-05-27T11:42:52+00:00","og_image":[{"width":1024,"height":1024,"url":"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4.jpeg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Arvioitu lukuaika":"5 minuuttia"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops","url":"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops","name":"PART 3 \u2013 Navigating security challenges: The Secure Software Development Lifecycle meets DevOps - Piisku","isPartOf":{"@id":"https:\/\/www.dev.piisku.fi\/fi\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops#primaryimage"},"image":{"@id":"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops#primaryimage"},"thumbnailUrl":"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4.jpeg","datePublished":"2025-02-27T14:19:53+00:00","dateModified":"2025-05-27T11:42:52+00:00","breadcrumb":{"@id":"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops#breadcrumb"},"inLanguage":"fi","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops"]}]},{"@type":"ImageObject","inLanguage":"fi","@id":"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops#primaryimage","url":"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4.jpeg","contentUrl":"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2025\/02\/Designer-4.jpeg","width":1024,"height":1024},{"@type":"BreadcrumbList","@id":"https:\/\/www.dev.piisku.fi\/blog_posts\/part-3-navigating-security-challenges-the-secure-software-development-lifecycle-meets-devops#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.dev.piisku.fi\/fi\/"},{"@type":"ListItem","position":2,"name":"PART 3 \u2013 Navigating security challenges: The Secure Software Development Lifecycle meets DevOps"}]},{"@type":"WebSite","@id":"https:\/\/www.dev.piisku.fi\/fi\/#website","url":"https:\/\/www.dev.piisku.fi\/fi\/","name":"Piisku","description":"Building withstanding quality technology solutions for enhanced productivity, quality, and security.","publisher":{"@id":"https:\/\/www.dev.piisku.fi\/fi\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dev.piisku.fi\/fi\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fi"},{"@type":"Organization","@id":"https:\/\/www.dev.piisku.fi\/fi\/#organization","name":"Piisku Ltd","url":"https:\/\/www.dev.piisku.fi\/fi\/","logo":{"@type":"ImageObject","inLanguage":"fi","@id":"https:\/\/www.dev.piisku.fi\/fi\/#\/schema\/logo\/image\/","url":"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2022\/09\/piisku-logotiedostot-01.svg","contentUrl":"https:\/\/www.dev.piisku.fi\/wp-content\/uploads\/2022\/09\/piisku-logotiedostot-01.svg","width":1,"height":1,"caption":"Piisku Ltd"},"image":{"@id":"https:\/\/www.dev.piisku.fi\/fi\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/piisku\/"]}]}},"_links":{"self":[{"href":"https:\/\/www.dev.piisku.fi\/fi\/wp-json\/wp\/v2\/blog_posts\/111342","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dev.piisku.fi\/fi\/wp-json\/wp\/v2\/blog_posts"}],"about":[{"href":"https:\/\/www.dev.piisku.fi\/fi\/wp-json\/wp\/v2\/types\/blog_posts"}],"author":[{"embeddable":true,"href":"https:\/\/www.dev.piisku.fi\/fi\/wp-json\/wp\/v2\/users\/7"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dev.piisku.fi\/fi\/wp-json\/wp\/v2\/media\/111248"}],"wp:attachment":[{"href":"https:\/\/www.dev.piisku.fi\/fi\/wp-json\/wp\/v2\/media?parent=111342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}