Solutions Architect's Handbook - Second Edition

By: Saurabh Shrivastava, Neelanjali Srivastav

Overview of this book

Becoming a solutions architect requires a hands-on approach, and this edition of the Solutions Architect's Handbook brings exactly that. This handbook will teach you how to create robust, scalable, and fault-tolerant solutions and next-generation architecture designs in a cloud environment. It will also help you build effective product strategies for your business and implement them from start to finish. This new edition features additional chapters on disruptive technologies, such as Internet of Things (IoT), quantum computing, data engineering, and machine learning. It also includes updated discussions on cloud-native architecture, blockchain data storage, and mainframe modernization with public cloud. The Solutions Architect's Handbook provides an understanding of solution architecture and how it fits into an agile enterprise environment. It will take you through the journey of solution architecture design by providing detailed knowledge of design pillars, advanced design patterns, anti-patterns, and the cloud-native aspects of modern software design. By the end of this handbook, you'll have learned the techniques needed to create efficient architecture designs that meet your business requirements.

Combining DevSecOps and CI/CD

A DevSecOps practice needs to be embedded in every step of the CI/CD pipeline. DevSecOps secures the CI/CD pipeline itself by managing the access and roles assigned to each server and by making sure that build servers such as Jenkins are hardened against security issues. In addition, all artifacts need to be validated and code analysis needs to be in place. It is also better to be ready for incident response by automating continuous compliance validation and incident response remediation.

The following diagram shows multiple stages at which you can test security boundaries, catch security issues, and check compliance with policies as early as possible:

Figure 12.7: DevSecOps and CI/CD

At each integration point, you can identify different issues, as illustrated in the preceding diagram:

  • In the coding phase, scan all code to ensure no secret key or access key is hardcoded in between code...
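
The coding-phase check described above, written as a small pre-commit or CI gate. This is an added example, not code from the book; the rule names, the entropy threshold, and the file name `config.py` are assumptions, and the sample input is constructed (the access key is the placeholder value used in AWS documentation).

```python
import math
import re

# (rule name, pattern capturing the secret, minimum Shannon entropy in bits/char)
RULES = [
    ("aws-access-key-id", re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b"), 0.0),
    ("private-key-block",
     re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)"), 0.0),
    ("hardcoded-credential",
     re.compile(r"(?i)(?:secret|passw(?:or)?d|token|api_?key)\w*\s*[:=]\s*"
                r"['\"]([^'\"]{8,})['\"]"), 3.0),
]

# Constructed sample file content (assumption, for illustration only).
SAMPLE = '''\
region = "us-east-1"
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
db_password = "aaaaaaaa"
api_token = "q9X2vLr8TzK4mPw7"
key = os.environ["API_KEY"]
'''

def entropy(value):
    """Shannon entropy in bits per character; low values suggest a placeholder."""
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def scan_text(text, path="<stdin>"):
    """Return (path, line_number, rule, redacted_value) for each suspected secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern, min_entropy in RULES:
            for match in pattern.finditer(line):
                value = match.group(1)
                if entropy(value) < min_entropy:
                    continue  # low-entropy literal such as "aaaaaaaa": likely a dummy
                # Redact so the secret is not copied into CI logs.
                findings.append((path, line_no, name, value[:4] + "****"))
    return findings

if __name__ == "__main__":
    import sys
    paths = sys.argv[1:]
    found = [f for p in paths for f in scan_text(open(p, errors="replace").read(), p)]
    if not paths:
        found = scan_text(SAMPLE, "config.py")
    for f in found:
        print("%s:%d: %s (%s)" % f)
    sys.exit(1 if found else 0)  # non-zero exit blocks the commit or build
```

The environment-variable lookup on the last sample line is not flagged, which is the pattern the scan is meant to push developers toward.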