DevSecOps notes¶

These pages cover the practical side of DevSecOps: SDLC methodologies, security automation, threat modelling, identity management, cloud platform patterns, and the securing of infrastructure that appears in compliance audits before anyone has thought to document it.

The topics span from SSDLC methodologies to securing specific services (block storage, managed databases, virtual machines, VPNs), with detours into privacy impact assessments, risk scoring, and the threat matrices that surface repeatedly in pipeline security discussions.

Some sections are substantive; others are thin. This is a living set of notes.