DevSecOps: security built into delivery
This section is about building and shipping software with security built in from the first commit, not bolted on at the end.
In practice that comes down to a few things I care about. Infrastructure and configuration live in version control, so every change is reviewable and reproducible. Delivery follows a GitOps model, where the desired state of a system is described in git and a controller reconciles the running system toward it. Security checks run inside the pipeline, so dependency, container and code problems surface early instead of in production. And secrets never live in a repository; they are pulled at runtime from a dedicated secrets store.
I run my own provisioning automation that turns a plain description of a customer site into a fully configured, secured deployment. Writing about it here is a way to think out loud about what works, what breaks, and why.
Expect posts on CI/CD, GitOps, secrets management and the automation that holds it together. Real setups and honest trade-offs, no vendor pitch.