Overview
The Security Development Lifecycle (SDL) is the approach Microsoft uses to integrate security into DevOps processes (sometimes called a DevSecOps approach). You can use this SDL guidance and documentation to adapt this approach and practices to your organization.
The practices described in the SDL approach can be applied to all types of software development and all platforms from classic waterfall through to modern DevOps approaches. This generally applicable software security approach works across different:
- Software – whether you are developing software code for firmware, AI applications, operating systems, drivers, IoT devices, mobile device apps, web services, plug-ins or applets, hardware microcode, low-code/no-code apps, or other software formats. Note that most practices in the SDL are applicable to secure computer hardware development as well.
- Platforms – whether the software is running on a 'serverless' platform approach, on an on-premises server, a mobile device, a cloud-hosted VM, a user endpoint, as part of a Software as a Service (SaaS) application, a cloud edge device, an IoT device, or anywhere else.
The SDL focuses on 10 security practices to integrate into your development processes.
- About Microsoft SDL
- Secure Supply Chain Consumption Framework (S2C2F)
- GitHub Advanced Security (GHAS)
- Getting started with Microsoft SDL
- Resources – additional resources for the Microsoft SDL.
- Frequently Asked Questions – SDL frequently asked questions.