After running DevOps transformation for since 2015 to speed up business delivery and provide better quality product/services, cyber security becomes the bottleneck of DevOps process. In order to solve this problem, since 2018, we started to run DevSecOps transformation to left shift cyber security into DevOps process.

In this presentation, we will share our DevSecOps implementation experience from different aspects: how to apply different DevSecOps technologies (SAST, DAST, SCA and ect); how to build up a DevSecOps system (DevSecOps implmentation model, Operating model, Maturity model, Dashboard and metrics, vulnerabilities management, and etc); how to improve development teams cyber security mindset and skills trhough different training and events; and how to establish the DevSecOps culture. In addition, we will study different DevSecOps cases to discuss and analyze how to implement DevSecOps in different industries and different scenarios.