
A modern application stack includes four main elements interacting with each other: application code; open source libraries and frameworks; containers to package everything together; and infrastructure to deploy the application. The infrastructure can be defined as code using infrastructure-as-code (IaC) concepts and tools such as AWS CloudFormation and Terraform.

Embedding security testing into the DevOps process (DevSecOps) improves developer productivity by making it easier to find and fix security issues early in the software development life cycle (SDLC) without disrupting the workflow.

These testing solutions help identify security issues not only in the application code but across the entire application stack, from known vulnerabilities in the open source code to security issues in containers and infrastructure configurations. Such practices may employ static application security testing (SAST), software composition analysis (SCA), IaC scanning and similar capabilities to help developers find and fix these security issues early in the life cycle.
