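[{"data":1,"prerenderedAt":455},["ShallowReactive",2],{"/ja-jp/the-source/security/how-to-strengthen-security-by-applying-devsecops-principles":3,"footer-ja-jp":33,"the-source-banner-ja-jp":331,"the-source-navigation-ja-jp":337,"article-site-categories-ja-jp":359,"the-source-newsletter-ja-jp":361,"how-to-strengthen-security-by-applying-devsecops-principles-the-source-source-cta-ja-jp":6,"how-to-strengthen-security-by-applying-devsecops-principles-article-hero-category-ja-jp":368,"how-to-strengthen-security-by-applying-devsecops-principles-category-ja-jp":394,"how-to-strengthen-security-by-applying-devsecops-principles-article-hero-author-ja-jp":407,"how-to-strengthen-security-by-applying-devsecops-principles-the-source-resources-ja-jp":428},{"id":4,"title":5,"body":6,"category":7,"config":8,"content":13,"description":6,"extension":24,"meta":25,"navigation":26,"path":27,"seo":28,"slug":29,"stem":30,"type":31,"__hash__":32},"theSource/ja-jp/the-source/security/how-to-strengthen-security-by-applying-devsecops-principles.yml","How To Strengthen Security By Applying Devsecops Principles",null,"security",{"layout":9,"template":10,"author":11,"featured":12},"the-source","TheSourceArticle","ncregan",false,{"title":14,"date":15,"description":16,"timeToRead":17,"heroImage":18,"keyTakeaways":19,"articleBody":23},"How to strengthen security by applying DevSecOps principles","2023-02-23","This article introduces how to adopt DevSecOps principles and the benefits you gain from doing so.","4 min read","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464433/bdwagz0bt5bpgghjkout.png",[20,21,22],"DevSecOps integrates security into the SDLC, enabling the development of secure applications without slowing delivery.","Automation through DevSecOps strengthens security and makes threat detection and response more efficient.","Collaboration in DevSecOps enables a unified approach that speeds up secure software development.","By following DevSecOps principles, companies can deliver value quickly and efficiently while reliably protecting their applications from malicious actors. This article explains the DevSecOps principles in detail and shows how they help achieve state-of-the-art security measures. Let's take a closer look.\n\n## What is DevSecOps?\n[DevSecOps](/topics/devsecops/) is a software development approach that combines the three principles of development, security, and operations. By adopting DevSecOps, teams can build secure, reliable products while delivering value quickly and efficiently. A successful DevSecOps implementation requires continuous integration, automation, and testing, with the goal of shortening time to market without compromising quality or security.\n\n## Overview of DevSecOps principles\nBy following [DevSecOps principles](/blog/4-must-know-devops-principles/) and running integrated security testing, development teams can quickly build secure and reliable applications. Practicing a DevSecOps approach integrates security into the software development lifecycle (SDLC), from initial design through continuous delivery and continuous deployment. This prevents security breaches by malicious actors who exploit system vulnerabilities and reduces the overall risk of cyberattacks.\n\nSpecifically, the DevSecOps principles are as follows.\n\n### Automation and integration\nAutomation and integration are key concepts in DevSecOps. Automating security processes supports the development of secure, reliable applications while reducing the risk of future malicious attacks. By configuring and running security measures at multiple points during the development cycle and applying continuous security, you can simplify and optimize security practices.\n\n### Continuous delivery and continuous deployment\nContinuous delivery and deployment are another way to respond quickly to potential threats and protect the software supply chain from malicious actors. [Continuously deploying applications through automated processes](/blog/cd-solution-overview/) lets you develop new features and products quickly while maintaining application security and quality.\n\n### A collaborative approach to security\nSecurity is at the core of DevSecOps. Ensuring that applications are secure and reliable requires a [highly collaborative approach](/topics/version-control/software-team-collaboration/) alongside multiple security checks run continuously. Every stakeholder involved in the development process needs to take part in the security process.\n\nSecurity teams need to work with developers to confirm that [appropriate security controls](/topics/devsecops/devsecops-security-checklist/) are built in when an application is designed and that security vulnerabilities are kept to a minimum. At the same time, operations teams must coordinate with security teams to deploy and monitor applications securely.\n\n### Implement security at every stage of the SDLC\nIntroducing security measures at every stage of the SDLC lets you develop secure applications efficiently without compromising quality. It is important to cover [every stage of the lifecycle](/blog/top-10-gitlab-hacks/), from design through development to deployment.\n\nTo carry out this process effectively, developers need to design applications with appropriate security controls implemented, and operations teams then need to deploy and monitor those applications securely.\n\n### Proactive monitoring and response strategy\nMaintaining security throughout the application lifecycle requires a proactive monitoring and response strategy. To implement [monitoring](/blog/working-with-performance-metrics/), deploy automated tools that identify potential vulnerabilities and notify the team when they occur.\n\nThis minimizes risk and ensures consistency across the organization. With a comprehensive response strategy, you can identify and resolve problems before they escalate into security risks.\n\n## 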
Benefits of adopting DevSecOps\nAdopting DevSecOps gives organizations many benefits, including the following.\n1. Delivering secure software makes it easier to build trust with customers.\n2. It prevents malicious actors from exploiting system vulnerabilities and improves system security.\n3. DevSecOps development practices let you deliver value quickly while ensuring the highest level of security.\n4. By building security measures into the software development pipeline from design to deployment, teams can quickly identify and address potential risks, reducing the risk of malicious attacks.\n5. By adopting DevSecOps, organizations can identify and address potential threats in advance and stay competitive in the market.\n\n[Adopting DevSecOps](/blog/whats-next-for-devsecops/) is essential for organizations that want to protect their systems from malicious attacks while delivering value quickly and efficiently. In addition, integrating security into the SDLC ensures that new applications are secure from the start. Instilling a DevSecOps culture and approach maximizes the overall efficiency and quality of the software development process.","yml",{},true,"/ja-jp/the-source/security/how-to-strengthen-security-by-applying-devsecops-principles",{"title":14,"description":16,"ogImage":18},"how-to-strengthen-security-by-applying-devsecops-principles","ja-jp/the-source/security/how-to-strengthen-security-by-applying-devsecops-principles","article","pRfLhxvzhrr60mE_5oKH7ZVTSe7LUhkn4hzB2HiuvnQ",{"data":34},{"text":35,"source":36,"edit":42,"contribute":47,"config":52,"items":57,"minimal":323},"Git is a trademark of Software Freedom Conservancy. We use 'GitLab' under license",{"text":37,"config":38},"View page source",{"href":39,"dataGaName":40,"dataGaLocation":41},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":43,"config":44},"Edit this page",{"href":45,"dataGaName":46,"dataGaLocation":41},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":48,"config":49},"Please contribute",{"href":50,"dataGaName":51,"dataGaLocation":41},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please 
contribute",{"twitter":53,"facebook":54,"youtube":55,"linkedin":56},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[58,85,158,224,286],{"title":59,"links":60,"subMenu":66},"Platform",[61],{"text":62,"config":63},"DevSecOps platform",{"href":64,"dataGaName":65,"dataGaLocation":41},"/ja-jp/platform/","devsecops platform",[67],{"title":68,"links":69},"Pricing",[70,75,80],{"text":71,"config":72},"View plans",{"href":73,"dataGaName":74,"dataGaLocation":41},"/ja-jp/pricing/","view plans",{"text":76,"config":77},"Why Premium",{"href":78,"dataGaName":79,"dataGaLocation":41},"/ja-jp/pricing/premium/","why premium",{"text":81,"config":82},"Why Ultimate",{"href":83,"dataGaName":84,"dataGaLocation":41},"/ja-jp/pricing/ultimate/","why ultimate",{"title":86,"links":87},"Solutions",[88,93,98,103,108,113,118,123,128,133,138,143,148,153],{"text":89,"config":90},"Digital transformation",{"href":91,"dataGaName":92,"dataGaLocation":41},"/ja-jp/topics/digital-transformation/","digital transformation",{"text":94,"config":95},"Security and compliance",{"href":96,"dataGaName":97,"dataGaLocation":41},"/ja-jp/solutions/application-security-testing/","Application security testing",{"text":99,"config":100},"Automated software delivery",{"href":101,"dataGaName":102,"dataGaLocation":41},"/ja-jp/solutions/delivery-automation/","automated software delivery",{"text":104,"config":105},"Agile development",{"href":106,"dataGaName":107,"dataGaLocation":41},"/ja-jp/solutions/agile-delivery/","agile delivery",{"text":109,"config":110},"Cloud transformation",{"href":111,"dataGaName":112,"dataGaLocation":41},"/ja-jp/topics/cloud-native/","cloud transformation",{"text":114,"config":115},"SCM",{"href":116,"dataGaName":117,"dataGaLocation":41},"/ja-jp/solutions/source-code-management/","source code 
management",{"text":119,"config":120},"CI/CD",{"href":121,"dataGaName":122,"dataGaLocation":41},"/ja-jp/solutions/continuous-integration/","continuous integration & delivery",{"text":124,"config":125},"Value stream management",{"href":126,"dataGaName":127,"dataGaLocation":41},"/ja-jp/solutions/value-stream-management/","value stream management",{"text":129,"config":130},"GitOps",{"href":131,"dataGaName":132,"dataGaLocation":41},"/ja-jp/solutions/gitops/","gitops",{"text":134,"config":135},"Enterprise",{"href":136,"dataGaName":137,"dataGaLocation":41},"/ja-jp/enterprise/","enterprise",{"text":139,"config":140},"Small business",{"href":141,"dataGaName":142,"dataGaLocation":41},"/ja-jp/small-business/","small business",{"text":144,"config":145},"Public sector",{"href":146,"dataGaName":147,"dataGaLocation":41},"/ja-jp/solutions/public-sector/","public sector",{"text":149,"config":150},"Education",{"href":151,"dataGaName":152,"dataGaLocation":41},"/ja-jp/solutions/education/","education",{"text":154,"config":155},"Financial services",{"href":156,"dataGaName":157,"dataGaLocation":41},"/ja-jp/solutions/finance/","financial services",{"title":159,"links":160},"Resources",[161,166,171,176,181,186,190,194,199,204,209,214,219],{"text":162,"config":163},"Install",{"href":164,"dataGaName":165,"dataGaLocation":41},"/ja-jp/install/","install",{"text":167,"config":168},"Quick start guides",{"href":169,"dataGaName":170,"dataGaLocation":41},"/ja-jp/get-started/","quick setup checklists",{"text":172,"config":173},"Learn",{"href":174,"dataGaName":175,"dataGaLocation":41},"https://university.gitlab.com/","learn",{"text":177,"config":178},"Product documentation",{"href":179,"dataGaName":180,"dataGaLocation":41},"https://docs.gitlab.com/","docs",{"text":182,"config":183},"Blog",{"href":184,"dataGaName":185},"/ja-jp/blog/","blog",{"text":187,"config":188},"Customer success stories",{"href":189,"dataGaLocation":41},"/ja-jp/customers/",{"text":191,"config":192},"Customer success stories",{"href":189,"dataGaName":193,"dataGaLocation":41},"customer success 
stories",{"text":195,"config":196},"Remote",{"href":197,"dataGaName":198,"dataGaLocation":41},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":200,"config":201},"GitLab services",{"href":202,"dataGaName":203,"dataGaLocation":41},"/ja-jp/services/","services",{"text":205,"config":206},"Community",{"href":207,"dataGaName":208,"dataGaLocation":41},"/community/","community",{"text":210,"config":211},"Forum",{"href":212,"dataGaName":213,"dataGaLocation":41},"https://forum.gitlab.com/","forum",{"text":215,"config":216},"Events",{"href":217,"dataGaName":218,"dataGaLocation":41},"/events/","events",{"text":220,"config":221},"Partners",{"href":222,"dataGaName":223,"dataGaLocation":41},"/ja-jp/partners/","partners",{"title":225,"links":226},"Company",[227,232,237,242,247,252,257,261,266,271,276,281],{"text":228,"config":229},"About GitLab",{"href":230,"dataGaName":231,"dataGaLocation":41},"/ja-jp/company/","company",{"text":233,"config":234},"Jobs",{"href":235,"dataGaName":236,"dataGaLocation":41},"/jobs/","jobs",{"text":238,"config":239},"Leadership",{"href":240,"dataGaName":241,"dataGaLocation":41},"/company/team/e-group/","leadership",{"text":243,"config":244},"Team",{"href":245,"dataGaName":246,"dataGaLocation":41},"/company/team/","team",{"text":248,"config":249},"Handbook",{"href":250,"dataGaName":251,"dataGaLocation":41},"https://handbook.gitlab.com/","handbook",{"text":253,"config":254},"Investor relations",{"href":255,"dataGaName":256,"dataGaLocation":41},"https://ir.gitlab.com/","investor relations",{"text":258,"config":259},"Sustainability",{"href":260,"dataGaName":258,"dataGaLocation":41},"/sustainability/",{"text":262,"config":263},"Diversity, inclusion, and belonging (DIB)",{"href":264,"dataGaName":265,"dataGaLocation":41},"/ja-jp/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":267,"config":268},"Trust center",{"href":269,"dataGaName":270,"dataGaLocation":41},"/ja-jp/security/","trust 
center",{"text":272,"config":273},"Newsletter",{"href":274,"dataGaName":275,"dataGaLocation":41},"/company/contact/#contact-forms","newsletter",{"text":277,"config":278},"Press",{"href":279,"dataGaName":280,"dataGaLocation":41},"/press/","press",{"text":282,"config":283},"Modern slavery transparency statement",{"href":284,"dataGaName":285,"dataGaLocation":41},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":287,"links":288},"Contact us",[289,293,298,303,308,313,318],{"text":287,"config":290},{"href":291,"dataGaName":292,"dataGaLocation":41},"/ja-jp/sales/","sales",{"text":294,"config":295},"Get help",{"href":296,"dataGaName":297,"dataGaLocation":41},"/support/","get help",{"text":299,"config":300},"Customer portal",{"href":301,"dataGaName":302,"dataGaLocation":41},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":304,"config":305},"Status",{"href":306,"dataGaName":307,"dataGaLocation":41},"https://status.gitlab.com/","status",{"text":309,"config":310},"Terms of use",{"href":311,"dataGaName":312,"dataGaLocation":41},"/terms/","terms of use",{"text":314,"config":315},"Privacy statement",{"href":316,"dataGaName":317,"dataGaLocation":41},"/ja-jp/privacy/","privacy statement",{"text":319,"config":320},"Cookie preferences",{"dataGaName":321,"dataGaLocation":41,"id":322,"isOneTrustButton":26},"cookie preferences","ot-sdk-btn",{"items":324},[325,327,329],{"text":309,"config":326},{"href":311,"dataGaName":312,"dataGaLocation":41},{"text":314,"config":328},{"href":316,"dataGaName":317,"dataGaLocation":41},{"text":319,"config":330},{"dataGaName":321,"dataGaLocation":41,"id":322,"isOneTrustButton":26},{"visibility":26,"title":332,"button":333},"The Intelligent Software Development Era: How AI is reshaping DevSecOps teams",{"config":334,"text":336},{"href":335},"/ja-jp/developer-survey/japan/","Get the research report",{"logo":338,"subscribeLink":343,"navItems":347},{"altText":339,"config":340},"the source 
logo",{"src":341,"href":342},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/ja-jp/the-source/",{"text":344,"config":345},"Subscribe",{"href":346},"#subscribe",[348,352,355],{"text":349,"config":350},"Artificial intelligence",{"href":351},"/ja-jp/the-source/ai/",{"text":94,"config":353},{"href":354},"/ja-jp/the-source/security/",{"text":356,"config":357},"Platform and infrastructure",{"href":358},"/ja-jp/the-source/platform/",{"categoryNames":360},{"ai":349,"platform":356,"security":94},{"title":362,"description":363,"submitMessage":364,"formData":365},"The Source newsletter","Get the latest insights into the future of software development.","You have successfully subscribed to The Source newsletter.",{"config":366},{"formId":367,"formName":275,"hideRequiredLabel":26},28467,{"id":369,"title":370,"body":6,"category":6,"config":371,"content":372,"description":6,"extension":24,"meta":388,"navigation":26,"path":389,"seo":390,"slug":7,"stem":391,"testContent":6,"type":392,"__hash__":393},"pages/ja-jp/the-source/security/index.yml","",{"layout":9},[373,380],{"componentName":374,"componentContent":375},"TheSourceCategoryHero",{"title":94,"description":376,"image":377},"Get the latest information to help you keep up with evolving security threats and compliance requirements.",{"config":378},{"src":379},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463273/aplkxrvwpii26xao5yhi.png",{"componentName":381,"componentContent":382},"TheSourceCategoryMainSection",{"config":383},{"sourceCTAs":384},[385,386,387],"source-lp-guide-to-dynamic-sboms","source-lp-a-field-guide-to-threat-vectors-in-the-software-supply-chain","application-security-in-the-digital-age",{},"/ja-jp/the-source/security",{"title":94,"description":376,"ogImage":370},"ja-jp/the-source/security/index","category","LdkNmpSN4IQ6BbGSqZS7AwRiPaalH_hSrFUQoOJA1UY",{"id":369,"title":370,"body":6,"category":6,"config":395,"content":396,"description":6,"extension":24,"meta":405,"navigation":26,"path":389,"seo":406,"slug":7,"stem":391,"testContent":6,"type":392,"__hash__":393},{"layout":9},[397,401],{"componentName":37
4,"componentContent":398},{"title":94,"description":376,"image":399},{"config":400},{"src":379},{"componentName":381,"componentContent":402},{"config":403},{"sourceCTAs":404},[385,386,387],{},{"title":94,"description":376,"ogImage":370},{"id":408,"title":409,"body":6,"category":6,"config":410,"content":411,"description":6,"extension":24,"meta":422,"navigation":26,"path":423,"seo":424,"slug":11,"stem":425,"testContent":6,"type":426,"__hash__":427},"theSourceAuthors/ja-jp/the-source/authors/ncregan.yml","Ncregan",{"layout":9},[412,420],{"componentName":413,"componentContent":414},"TheSourceAuthorHero",{"config":415,"name":416,"headshot":417},{"gitlabHandle":11},"Niall Cregan",{"altText":416,"config":418},{"src":419},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463431/yrtwodocb4cu3j7lkhyo.png",{"componentName":421},"TheSourceArticlesList",{},"/ja-jp/the-source/authors/ncregan",{"title":416},"ja-jp/the-source/authors/ncregan","author","3ORGYneKJd4gk7O8MKWMjz3WIHhKIZ3J1Gx848wV4lU",[429,439,446],{"config":430,"title":431,"description":432,"link":433},{"slug":387},"Application security in the digital age","Read [the results of our survey of 5,000 DevSecOps professionals worldwide](https://about.gitlab.com/ja-jp/developer-survey/2024/security-compliance/) to see how organizations are dealing with growing attack surfaces and how attitudes toward security and AI are changing.",{"text":434,"config":435},"Read the report",{"href":436,"dataGaName":437,"dataGaLocation":438},"/ja-jp/developer-survey/2024/security-compliance/","Application Security in the Digital Age","thesource",{"config":440,"title":441,"link":442},{"slug":386},"A field guide to threat vectors in the software supply chain",{"config":443},{"href":444,"dataGaName":445,"dataGaLocation":438},"/the-source/security/field-guide-to-threat-vectors-in-the-software-supply-chain/","A field guide to threat vectors in the software supply chain",{"config":447,"title":448,"description":449,"link":450},{"slug":385},"GitLab guide to dynamic SBOMs: An essential element of modern software development","Learn how to use a software bill of materials (SBOM) to surface previously unrecognized organizational risk.",{"text":451,"config":452},"Read the guide",{"href":453,"dataGaName":454,"dataGaLocation":438},"/the-source/security/guide-to-dynamic-sboms/","Guide to Dynamic SBOMs",1772652114065]