It’s impossible to talk about cloud technologies, modern applications and, in general, digital transformation, and not to mention security. The same applies to software development, in particular the DevOps methodology. DevOps is a software development methodology that focuses on communication, integration, and collaboration between IT professionals ensuring rapid product deployment. DevOps practice reflects the idea of continuous improvement and automation. Many practices are designed for one or more stages of the development cycle. Three hundred hours spent on software development can be wasted in just 30 seconds, if only one defect during operation is detected. This, subsequently, can ruin reputation of the whole product, and as a result there will be no choice but to simply remove it from the market. And this establishes the importance and necessity of quality control [1].
 To ensure quality of software products during development risk management should be used at every stage of the DevOps lifecycle. Implementing DevOps without paying attention to security will definitely increase risks of attacks. Risk is the occurrence of an uncertain event that positively or negatively affects measured criteria of project success. These can be events that have happened in the past or current events, or something that may happen in the future. These uncertain events can affect target, business, technical and qualitative objectives of the project [2].
 Main stages of risk management include:
 
 risk identification;
 risk analysis and assessment;
 risk response;
 risk monitoring and control.
 
 The purpose of the article is to choose the method of risk analysis and assessment in the DevOps methodology. When using risk management model in DevOps, it is important to choose risk assessment method that is optimal for the criteria relevant to DevOps. To such criteria authors attribute cost of resources, time spent, accuracy of evaluation. Therefore, the choice of risk assessment method is an important component of the process of creating secure software. Risk assessment methods such as PRisMA, PRAM, FMEA, DREAD and FTA were considered in this work.
Read full abstract