How DevSecOps Can Secure Your CI/CD Pipeline


Many companies today automate their software development life cycle with continuous integration and continuous delivery (CI/CD). It’s part of the broader DevOps movement to speed software development while reducing errors. Continuous integration builds and tests code automatically, while continuous delivery automates the entire software release process up to production. To secure this pipeline, industry leaders produced the DevSecOps workflow. Take a look at how it works and why it matters.


The CI/CD pipeline provides several benefits for software development. These include smaller code changes, faster mean-time-to-resolution for problems, greater test reliability, faster release rates, smaller software backlog and greater customer satisfaction.


Unfortunately, attackers are exploiting the weaknesses in the CI/CD pipeline and other DevOps infrastructure, too. They can steal information, mine cryptocurrency and inject malware into software.


Recently, threat actors breached an uploader popular with developers. They stole credentials and application programming interface tokens from customer environments. The attackers were able to export information stored in users’ CI/CD environments until the breach was discovered months later.


DevSecOps to the Rescue


DevSecOps addresses vulnerabilities in software development in this new environment. It builds on the best practices of DevOps to keep the development workflow from slowing down while ensuring security.


DevSecOps inserts security audits and penetr ..
