cybersecurity pattern
DevSecOps Pipeline
Integrate security into CI/CD pipelines. Shift security left to catch issues early.
Time: Adds minutes to pipeline
Space: Cloud-based scanning tools
🧠 Mental Model
“Quality control on an assembly line - check for defects at each station, not just at the end.”
Verbal cue: Shift left - find security issues early when they're cheap to fix.
🎯 Recognition Triggers
When you see these patterns in a problem, consider this approach:
CI/CD security, pipeline security, shift left, automated security, SAST, DAST
💡 Interview Tips
1. Know the difference: SAST (code), DAST (running app), SCA (dependencies)
2. Mention specific tools you've used
3. Discuss how to handle security findings (SLA, prioritization)
⚠️ Common Mistakes
- Adding security scans that block the pipeline without a process to handle findings
- Not tuning scanners (too many false positives)
- Scanning only in CI, not pre-commit