The world of software development moves fast, and it's constantly evolving. Containerization technologies, especially Docker, are among today's most preferred virtualization technologies. Although Docker containers are "sufficiently" secure by default, configuration errors in a Dockerfile might lead to critical security risks or degraded system performance.

Security has become increasingly integrated with software development over the last few years, and the software industry needed a new role to own secure software development processes. As a result, DevSecOps Engineer role has emerged and gained popularity in the last decade. DevSecOps is the abbreviation of three words; Development, security, and operations, and it aims to develop applications more securely in the software development life cycle (SDLC).

As digital transformation continues to take over the world, security increasingly becomes a concern for companies of all sizes. No matter how big of a security team you might have, it is hard to speak a common language between security and development teams on what controls you need during the software development life cycle. To tackle this problem, OWASP has released Application Security Verification Standard towards the end of 2021.