• Home
  • >
  • DevOps
  • >
  • The Evolving Role of Automation in DevOps Tools – InApps 2022

The Evolving Role of Automation in DevOps Tools – InApps is an article under the topic Devops Many of you are most interested in today !! Today, let’s InApps.net learn The Evolving Role of Automation in DevOps Tools – InApps in today’s post !

Read more about The Evolving Role of Automation in DevOps Tools – InApps at Wikipedia

You can find content about The Evolving Role of Automation in DevOps Tools – InApps from the Wikipedia website

GitLab sponsored this post.

James Brotsos

James is a Senior Solutions Engineer at Checkmarx, bringing 15 years of network protocol and kernel development experience to his role. He has a particular passion for architecting automated solutions that are effective in driving security measures for DevOps organizations, helping them meet their DevSecOps goals. In his spare time, James volunteers mentoring computer science high school students in San Francisco, running the Checkmarx User Group and participating in IoT hackathons.

One of the greatest challenges currently facing security and development teams is striking a balance between speed and security. Application security testing (AST) tools that leverage automation to produce high-quality results must continue to evolve, in order to help organizations bring these two components together. The goal should be to shift to a true DevSecOps model, by automating vulnerability detection and triage to reduce secure software time-to-market.

According to analyst firm Gartner:

“…modern application design and the continued adoption of DevSecOps are expanding the scope of the AST market. Security and risk management leaders will need to meet tighter deadlines and test more complex applications by seamlessly integrating and automating AST in the software delivery life cycle.” 

Yet, legacy AST solutions currently on the market tend to operate outside the CI tooling in use, and scans are generally performed after a merge/build has already taken place — further to the right of the software development lifecycle (SDLC).

Read More:   Update Databases at Scale Part Three: The Reality of Transactional Apps

Seriously, It’s Time to Shift Left

Newer AST tools, on the other hand, allow organizations to shift that functionality to the left — with the most innovative ones featuring an orchestration layer that simplifies the implementation and automation of security testing in modern development environments. As DevOps and security testing evolves, scans can now be automatically triggered, embedding results directly into the CI/CD pipelines of DevOps tools like GitLab. The result? Streamlined DevOps workflows, earlier detection of software vulnerabilities (AKA shifting as far left as possible), and happier developers because they’re able to stay right within their preferred environments.

Yes, End-to-End Automation Is a Thing

By automating the steps required to scan code earlier in the SDLC, it eliminates the need for time-consuming manual configuration of scans. It also allows developers to publish and update scan findings, based on a pre-configured policy within the code management tools. After the initial configuration, AST scan activity is performed hands-off with no human intervention required, beyond a pull request initiated by a developer.

As if it couldn’t get any easier, modern automation tools also allow developers to:

  • Catch and fix vulnerabilities during the coding phase (the earliest stage of development).
  • Work as usual with no disruptions, no new tools, no additional security reviews needed, etc.
  • Treat security bugs and functional bugs alike, and allow them to immediately address those bugs within the code branch(es) they’re currently working on.
  • Reduce the overhead of manually opening, validating and closing security tickets, without spending countless hours in bug tracking or ticketing management systems.

Erasing the Line in the Sand Leads to True DevSecOps 

Advanced automation tools eliminate the manual and time-consuming configuration per project within DevOps, thereby removing the friction between developers and DevOps teams when needing to add scanning steps into the jobs of all CI pipelines. Adding jobs or steps to scan code is challenging using the traditional CI-scan model. Advanced automation tools ultimately break down barriers between teams and allow them to play better together and achieve true DevSecOps integration.

Read More:   Update Why NVMe Is a Better Choice for Your Data Center

At the end of the day, shifting left and automating your CI/CD pipeline will dramatically improve the integration of security within the SDLC. Organizations can instantly onboard their development, security, and operations teams and simplify the governance of their security policies and DevSecOps processes. The traditional AST solution providers are leaving developers behind because without the ability to scan source code directly in your environment, you’re left having to manually process scans — leaving a lot of room for marginal error and adding a lot of time to your end-delivery date.

If I can leave you with one thing, it’s that integration is key to automation and the tools you use should enable the most shift left approach possible, where automation can occur within the SDLC — changing the way AST solutions are embedded within all DevOps environments.

List of Keywords users find our article on Google:

linkedin scan code
codingphase
checkmarx scan
devops engineer san francisco
scansource
“checkmarx”
“advanced automation”
intégration de facebook leads avec gitlab
ats automation jobs
scansource jobs
what time is it in ast
checkmarx review
ansible yes vs true
codingphase review
welcome to facebook bug
devops icon
devsecops end-to-end encrypted messaging
application security testing gartner
ast time now
balanced development automation
gartner application security testing
qc design school reviews

Source: InApps.net

Rate this post
Content writer

Let’s create the next big thing together!

Coming together is a beginning. Keeping together is progress. Working together is success.

Let’s talk

Get a custom Proposal

Please fill in your information and your need to get a suitable solution.

    You need to enter your email to download

      Success. Downloading...