- Home
- >
- DevOps News
- >
- The Evolving Role of Automation in DevOps Tools – InApps 2022
The Evolving Role of Automation in DevOps Tools – InApps is an article under the topic Devops Many of you are most interested in today !! Today, let’s InApps.net learn The Evolving Role of Automation in DevOps Tools – InApps in today’s post !
Read more about The Evolving Role of Automation in DevOps Tools – InApps at Wikipedia
You can find content about The Evolving Role of Automation in DevOps Tools – InApps from the Wikipedia website
GitLab sponsored this post.
James Brotsos
James is a Senior Solutions Engineer at Checkmarx, bringing 15 years of network protocol and kernel development experience to his role. He has a particular passion for architecting automated solutions that are effective in driving security measures for DevOps organizations, helping them meet their DevSecOps goals. In his spare time, James volunteers mentoring computer science high school students in San Francisco, running the Checkmarx User Group and participating in IoT hackathons.
One of the greatest challenges currently facing security and development teams is striking a balance between speed and security. Application security testing (AST) tools that leverage automation to produce high-quality results must continue to evolve, in order to help organizations bring these two components together. The goal should be to shift to a true DevSecOps model, by automating vulnerability detection and triage to reduce secure software time-to-market.
According to analyst firm Gartner:
“…modern application design and the continued adoption of DevSecOps are expanding the scope of the AST market. Security and risk management leaders will need to meet tighter deadlines and test more complex applications by seamlessly integrating and automating AST in the software delivery life cycle.”
Yet, legacy AST solutions currently on the market tend to operate outside the CI tooling in use, and scans are generally performed after a merge/build has already taken place — further to the right of the software development lifecycle (SDLC).
Seriously, It’s Time to Shift Left
Newer AST tools, on the other hand, allow organizations to shift that functionality to the left — with the most innovative ones featuring an orchestration layer that simplifies the implementation and automation of security testing in modern development environments. As DevOps and security testing evolves, scans can now be automatically triggered, embedding results directly into the CI/CD pipelines of DevOps tools like GitLab. The result? Streamlined DevOps workflows, earlier detection of software vulnerabilities (AKA shifting as far left as possible), and happier developers because they’re able to stay right within their preferred environments.
Yes, End-to-End Automation Is a Thing
By automating the steps required to scan code earlier in the SDLC, it eliminates the need for time-consuming manual configuration of scans. It also allows developers to publish and update scan findings, based on a pre-configured policy within the code management tools. After the initial configuration, AST scan activity is performed hands-off with no human intervention required, beyond a pull request initiated by a developer.
As if it couldn’t get any easier, modern automation tools also allow developers to:
- Catch and fix vulnerabilities during the coding phase (the earliest stage of development).
- Work as usual with no disruptions, no new tools, no additional security reviews needed, etc.
- Treat security bugs and functional bugs alike, and allow them to immediately address those bugs within the code branch(es) they’re currently working on.
- Reduce the overhead of manually opening, validating and closing security tickets, without spending countless hours in bug tracking or ticketing management systems.
Erasing the Line in the Sand Leads to True DevSecOps
Advanced automation tools eliminate the manual and time-consuming configuration per project within DevOps, thereby removing the friction between developers and DevOps teams when needing to add scanning steps into the jobs of all CI pipelines. Adding jobs or steps to scan code is challenging using the traditional CI-scan model. Advanced automation tools ultimately break down barriers between teams and allow them to play better together and achieve true DevSecOps integration.
At the end of the day, shifting left and automating your CI/CD pipeline will dramatically improve the integration of security within the SDLC. Organizations can instantly onboard their development, security, and operations teams and simplify the governance of their security policies and DevSecOps processes. The traditional AST solution providers are leaving developers behind because without the ability to scan source code directly in your environment, you’re left having to manually process scans — leaving a lot of room for marginal error and adding a lot of time to your end-delivery date.
If I can leave you with one thing, it’s that integration is key to automation and the tools you use should enable the most shift left approach possible, where automation can occur within the SDLC — changing the way AST solutions are embedded within all DevOps environments.
List of Keywords users find our article on Google:
linkedin scan code |
codingphase |
checkmarx scan |
devops engineer san francisco |
scansource |
“checkmarx” |
“advanced automation” |
intégration de facebook leads avec gitlab |
ats automation jobs |
scansource jobs |
what time is it in ast |
checkmarx review |
ansible yes vs true |
codingphase review |
welcome to facebook bug |
devops icon |
devsecops end-to-end encrypted messaging |
application security testing gartner |
ast time now |
balanced development automation |
gartner application security testing |
qc design school reviews |
Source: InApps.net
Let’s create the next big thing together!
Coming together is a beginning. Keeping together is progress. Working together is success.