ABC Inc. is a software development firm that uses DevOps practices. They want to minimize the risk of security breaches by incorporating security into their development process from the start. To accomplish this, they are concentrating on incorporating DevSecOps best practices into their DevOps process. Which three are best practices that ABC Inc. should implement?
The best practices that ABC Inc. should implement to incorporate DevSecOps into their DevOps process are:
Follow established security guidelines, such as the OWASP DevSecOps guideline, during the development and testing process. The OWASP DevSecOps guideline is a set of recommendations and tools that help developers and testers integrate security into every stage of the software development lifecycle (SDLC). The guideline covers topics such as threat modeling, secure coding, code analysis, security testing, vulnerability management, etc.
Perform regular scans for vulnerabilities and prioritize fixing them based on their severity. Vulnerability scanning is a process of identifying and assessing the security risks in your code, dependencies, images, containers, or infrastructure. You can use tools such as SonarQube, Sonatype Nexus IQ Server, or Twistlock to perform vulnerability scanning and generate reports with detailed information and remediation suggestions. You should also prioritize fixing the vulnerabilities based on their severity level and potential impact.
Implement role-based access control and define roles and responsibilities for everyone involved in the development process. Role-based access control (RBAC) is a method of restricting access to resources based on the roles of the users or groups. You can use RBAC to enforce the principle of least privilege, which means granting only the minimum level of access required for each user or group to perform their tasks. You should also define clear roles and responsibilities for everyone involved in the development process, such as developers, testers, operations staff, security staff, etc., and assign them appropriate permissions and policies. Verified Reference: [DevSecOps - Oracle Cloud Infrastructure Security], [DevSecOps Best Practices - Oracle Cloud Infrastructure Security]
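The second practice above (scan regularly, then fix by severity and impact) is usually enforced as a pipeline gate. The script below is an added example and is not code from the original answer, nor from SonarQube, Nexus IQ Server or Twistlock, each of which has its own report schema. It assumes a simplified JSON report shape, placeholder finding IDs, and exposure weights chosen for illustration; all of those are assumptions. It parses the report, ranks findings by a context-adjusted risk score rather than raw severity alone, and fails the build when a finding at or above a chosen severity has a fix available.

```python
"""Prioritise vulnerability-scan findings and gate a CI pipeline on them.

Added example, not from the original page or from any named scanner.
The report format, finding IDs and weights below are assumptions.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Constructed sample scan output (not real scanner data; IDs are placeholders).
SAMPLE_REPORT = json.dumps({
    "findings": [
        {"id": "FINDING-1", "component": "libexample", "severity": "CRITICAL",
         "cvss": 9.8, "fix_available": True, "exposure": "internet"},
        {"id": "FINDING-2", "component": "build-tool", "severity": "HIGH",
         "cvss": 7.5, "fix_available": False, "exposure": "build-only"},
        {"id": "FINDING-3", "component": "webfw", "severity": "MEDIUM",
         "cvss": 5.3, "fix_available": True, "exposure": "internet"},
        {"id": "FINDING-4", "component": "cli-helper", "severity": "LOW",
         "cvss": 3.1, "fix_available": True, "exposure": "internal"},
    ]
})

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFO": 0}
# Assumed weights: how reachable the affected component is to an attacker.
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.6, "build-only": 0.3}


@dataclass(frozen=True)
class Finding:
    id: str
    component: str
    severity: str
    cvss: float
    fix_available: bool
    exposure: str

    def risk_score(self) -> float:
        """CVSS scaled by exposure, plus a small bonus when a fix exists
        (a fixable finding is the cheapest risk reduction available)."""
        score = self.cvss * EXPOSURE_WEIGHT.get(self.exposure, 1.0)
        if self.fix_available:
            score += 0.5
        return round(score, 2)


def parse_report(raw: str) -> list[Finding]:
    """Parse the assumed JSON shape; reject severities we cannot rank."""
    data = json.loads(raw)
    findings = []
    for f in data.get("findings", []):
        sev = str(f.get("severity", "INFO")).upper()
        if sev not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {sev!r} in finding {f.get('id')!r}")
        findings.append(Finding(
            id=str(f["id"]),
            component=str(f["component"]),
            severity=sev,
            cvss=float(f.get("cvss", 0.0)),
            fix_available=bool(f.get("fix_available", False)),
            exposure=str(f.get("exposure", "internal")),
        ))
    return findings


def prioritise(findings: list[Finding]) -> list[Finding]:
    """Highest contextual risk first; raw severity breaks ties."""
    return sorted(findings,
                  key=lambda f: (f.risk_score(), SEVERITY_RANK[f.severity]),
                  reverse=True)


def gate(findings: list[Finding], block_at: str = "HIGH",
         allow_unfixable: bool = True) -> tuple[bool, list[str]]:
    """Return (passed, blocking_ids).

    Fails when any finding is at or above `block_at`. With allow_unfixable=True,
    findings that have no fix yet are let through; those belong in a tracked,
    time-boxed exception rather than being silently ignored.
    """
    threshold = SEVERITY_RANK[block_at]
    blocking = [f.id for f in findings
                if SEVERITY_RANK[f.severity] >= threshold
                and (f.fix_available or not allow_unfixable)]
    return (not blocking, blocking)


if __name__ == "__main__":
    ranked = prioritise(parse_report(SAMPLE_REPORT))
    for f in ranked:
        print(f"{f.risk_score():5.2f} {f.severity:8} {f.id:10} {f.component} fix={f.fix_available}")
    passed, blocking = gate(ranked)
    print("gate:", "PASS" if passed else f"FAIL on {blocking}")
```

Note that with these weights the LOW finding on an internal component outranks the HIGH finding confined to the build toolchain; that is the point of scoring by impact rather than by the scanner's label alone, but the weights are a policy decision and should be reviewed with the security team, not copied.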