provide content for DevSecOps Guideline

Author: jgadsden

_data/draft.yaml

@@ -299,7 +299,7 @@ docs:
   url: operation
 
 - title: '9.1 DevSecOps Guideline'
-  url: operations/devsecops
+  url: operations/devsecops_guideline
 
 - title: '9.2 Coraza Web Application Firewall'
   url: operations/coraza_waf

_data/release.yaml

@@ -299,7 +299,7 @@ docs:
   url: operation
 
 - title: '9.1 DevSecOps Guideline'
-  url: operations/devsecops
+  url: operations/devsecops_guideline
 
 - title: '9.2 Coraza Web Application Firewall'
   url: operations/coraza_waf

draft/04-foundations/02-secure-development.md

@@ -97,10 +97,10 @@ There are many OWASP tools and resources to help build security into the SDLC.
    within the development teams - ideally every team should have a security champion that has
    a special interest in security and has received further training, enabling the team to build security in.
 
-* **Operation**: the OWASP [DevSecOps Guideline][devsecops] explains how to best implement a secure pipeline,
-    using best practices and introducing automation tools to help 'shift-left'.
+* **Operations**: the OWASP [DevSecOps Guideline][devsecops] explains how to best implement a secure pipeline,
+    using best practices and automation tools to help 'shift-left' security issues.
     Refer to the DevSecOps Guideline for more information on any of the topics within DevSecOps
-    and in particular sections on Operation.
+    and in particular sections on Operations.
 
 * **Supply chain**: attacks that leverage the supply chain can be devastating
     and there have been several high profile of products being successfully exploited.

draft/11-operations/01-devsecops.md

@@ -6,23 +6,54 @@ tags: OWASP Developer Guide
 contributors: Jon Gadsden
 document: OWASP Developer Guide
 order: 1101
-permalink: /draft/operations/devsecops/
+permalink: /draft/operations/devsecops_guideline/
 
 ---
 
 {% include breadcrumb.html %}
 
 ### 9.1 DevSecOps Guideline
 
-The [OWASP DevSecOps Guideline][devsecops] project
+The OWASP [DevSecOps Guideline][devsecops] project explains how to best implement a secure pipeline,
+using best practices and introducing automation tools to help 'shift-left' security issues.
+
 The DevSecOps Guideline is in active development as an OWASP Production documentation project
+and can be accessed from the [web document][dsodoc] or [downloaded as a PDF][dsopdf].
 
 #### What is the DevSecOps Guideline?
 
-#### Why use the DevSecOps Guideline?
+The DevOps (combining software Development and release Operations) pipelines use automation to integrate
+various established activities within the development and release processes into pipeline steps.
+This enables the use of Continuous integration / Continuous Delivery/Deployment (CI/CD) within an organization.
+DevSecOps (combining security with DevOps) seeks to add steps into the existing CI/CD pipelines to build security
+into the development and release process.
+
+The [DevSecOps Guideline][devsecops] is a collection of advice and theory that explains how to embed security into DevOps.
+It covers various foundational topics such as Threat Modeling pipelines, Secrets Management and Linting Code.
+It then explains and illustrates various vulnerability scanning steps commonly used in CI/CD pipelines:
+
+* Static Application Security Testing ([SAST][dsosast])
+* Dynamic Application Security Testing ([DAST][dsodast])
+* Interactive Application Security Testing ([IAST][dsoiast])
+* Software Composition Analysis ([SCA][dsosca])
+* [Infrastructure Vulnerability Scanning][dsocvs]
+* [Container Vulnerability Scanning][dsoivs]
+
+The DevSecOps Guideline is a concise guide that provides the foundational knowledge to implement DevSecOps.
 
 #### How to use the DevSecOps Guideline
 
+The DevSecOps Guideline is document can be accessed from the [web document][dsodoc] or [downloaded as a PDF][dsopdf].
+It is concise enough that all the sections can be read within a short time, and it provides enough knowledge
+to understand the concept behind DevSecOps and what activities are involved.
+
+It provides an [excellent overview][dsointro] of DevSecOps which shows how the steps of a typical CI/CD pipeline
+fit together and what sort of tools can be applied in each step to secure the pipeline.
+Many of the pages in the DevSecOps Guideline contain lists of tools that can be applied to the pipeline step.
+
+The DevSecOps Guideline document is in the process of [being expanded and updated][dsonew] which will build on the
+existing 2023 version.
+
 ----
 
 The OWASP Developer Guide is a community effort; if there is something that needs changing
@@ -31,5 +62,15 @@ then [submit an issue][issue1101] or [edit on GitHub][edit1101].
 [edit1101]: https://github.com/OWASP/www-project-developer-guide/blob/main/draft/11-operations/01-devsecops.md
 [issue1101]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=content&template=request.md&title=Update:%2011-operations/01-devsecops
 [devsecops]: https://owasp.org/www-project-devsecops-guideline/
+[dsocvs]: https://owasp.org/www-project-devsecops-guideline/latest/02f-Container-Vulnerability-Scanning
+[dsodoc]: https://owasp.org/www-project-devsecops-guideline/latest/
+[dsodast]: https://owasp.org/www-project-devsecops-guideline/latest/02b-Dynamic-Application-Security-Testing
+[dsoiast]: https://owasp.org/www-project-devsecops-guideline/latest/02c-Interactive-Application-Security-Testing
+[dsointro]: https://owasp.org/www-project-devsecops-guideline/latest/index
+[dsoivs]: https://owasp.org/www-project-devsecops-guideline/latest/02e-Infrastructure-Vulnerability-Scanning
+[dsonew]: https://github.com/OWASP/DevSecOpsGuideline/tree/master/documents
+[dsopdf]: https://github.com/OWASP/DevSecOpsGuideline/releases
+[dsosast]: https://owasp.org/www-project-devsecops-guideline/latest/02a-Static-Application-Security-Testing
+[dsosca]: https://owasp.org/www-project-devsecops-guideline/latest/02d-Software-Composition-Analysis
 
 \newpage