
Add It Up: Integrating Security into the Development Pipeline

DevOps teams are more likely to have security tools properly integrated in their development pipeline, but many still struggle to do it well.
Apr 30th, 2020 11:27am by

Integrating security tools within development pipelines continues to be challenging. Fewer than 60% of companies with mature DevOps practices have correctly integrated the average security tool, according to the 2020 DevSecOps Community Survey. The figures drop sharply from there: companies that haven’t embraced the DevOps mantra of cross-team communication are often twice as likely to lack properly integrated security tools.

Not all of the tools in this chart have to be integrated into every stage of the SDLC.

If there were no cost involved, DevOps pros would integrate anything and everything they could into their pipeline. In a recent conversation with Derek Weeks, from DevOps automation company Sonatype, he explained: “If you integrate something in that’s going to take two hours to analyze and yet you’re releasing every hour, no one wants that tax.” When a tool imposes that kind of tax, developers find a workaround to it, and the integration stops providing any protection.

By their very nature, software composition analysis and container security tools need to be integrated into CI/CD pipelines. Their effectiveness depends on the degree to which they are automated, and on buy-in from all relevant stakeholders. To better understand this subject, we’re asking readers to participate in a one-minute poll about security in CI/CD pipelines.
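The practical piece of "automated and bought into" is the policy gate that sits between the scanner and the build verdict: a scanner that only emits a report gets ignored, and one that blocks on every finding gets bypassed. The script below is an added example, not code from the article or from Sonatype. It reads a container or dependency scan report in the JSON shape that Trivy emits (Results, each with a Vulnerabilities list carrying VulnerabilityID, PkgName, InstalledVersion, FixedVersion and Severity; this shape is an assumption, adapt the parser for another scanner), applies a severity threshold, ignores findings with no available fix so the pipeline is not blocked on upstream, honours a waiver list with expiry dates, and exits non-zero only when something actionable remains. The embedded report and waiver list are constructed sample data with placeholder identifiers, not real CVEs.

```python
"""Policy gate that turns a scanner's JSON report into a pass/fail CI decision.

Added example, not code from the article or from Sonatype. The report shape
(Results -> Vulnerabilities with VulnerabilityID, PkgName, InstalledVersion,
FixedVersion, Severity) is assumed to match Trivy's JSON output; adapt
parse_report() if your scanner emits something else.
"""
import json
import sys
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass
class Finding:
    vuln_id: str
    pkg: str
    installed: str
    fixed: Optional[str]
    severity: str
    target: str


@dataclass
class GateResult:
    passed: bool = True
    blocking: List[Finding] = field(default_factory=list)
    waived: List[Finding] = field(default_factory=list)
    ignored: List[Finding] = field(default_factory=list)


def parse_report(report_json: str) -> List[Finding]:
    """Flatten the per-target report into one list of findings."""
    data = json.loads(report_json)
    findings = []
    for result in data.get("Results", []):
        # A clean target has no "Vulnerabilities" key at all, hence `or []`.
        for v in result.get("Vulnerabilities") or []:
            findings.append(Finding(
                vuln_id=v["VulnerabilityID"],
                pkg=v.get("PkgName", "?"),
                installed=v.get("InstalledVersion", "?"),
                fixed=v.get("FixedVersion") or None,
                severity=v.get("Severity", "UNKNOWN").upper(),
                target=result.get("Target", "?"),
            ))
    return findings


def evaluate(report_json, min_severity="HIGH", require_fix=True, allowlist=None, today=None):
    """Decide whether the build may proceed.

    - findings below `min_severity` are ignored (keeps the noise budget small);
    - with `require_fix`, findings that have no fixed version are ignored, since
      they would otherwise block every build until upstream ships a fix;
    - `allowlist` maps vuln id -> ISO expiry date; a waiver past its date is
      treated as absent, so accepted risk is forced back into review.
    """
    if today is None:
        today = date.today()
    elif isinstance(today, str):
        today = date.fromisoformat(today)
    allowlist = allowlist or {}
    threshold = SEVERITY_RANK[min_severity.upper()]
    result = GateResult()
    for f in parse_report(report_json):
        if SEVERITY_RANK.get(f.severity, 0) < threshold:
            result.ignored.append(f)
            continue
        if require_fix and not f.fixed:
            result.ignored.append(f)
            continue
        expiry = allowlist.get(f.vuln_id)
        if expiry and date.fromisoformat(expiry) >= today:
            result.waived.append(f)
            continue
        result.blocking.append(f)
    result.passed = not result.blocking
    return result


# Constructed sample report; the ids are placeholders, not real CVEs.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "registry.example/app:1.2.3 (debian 11.6)", "Vulnerabilities": [
        {"VulnerabilityID": "TEST-0001", "PkgName": "libexample", "InstalledVersion": "1.0-1",
         "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
        {"VulnerabilityID": "TEST-0002", "PkgName": "libother", "InstalledVersion": "2.3",
         "FixedVersion": "", "Severity": "HIGH"},
        {"VulnerabilityID": "TEST-0003", "PkgName": "tool", "InstalledVersion": "0.9",
         "FixedVersion": "1.0", "Severity": "MEDIUM"},
        {"VulnerabilityID": "TEST-0004", "PkgName": "libwaived", "InstalledVersion": "5.1",
         "FixedVersion": "5.2", "Severity": "HIGH"},
        {"VulnerabilityID": "TEST-0005", "PkgName": "libstale", "InstalledVersion": "7.0",
         "FixedVersion": "7.1", "Severity": "HIGH"},
    ]},
    {"Target": "app/package-lock.json"},
]})

# Constructed waivers with expiry dates; in a real repo this lives in a reviewed file.
SAMPLE_ALLOWLIST = {"TEST-0004": "2020-12-31", "TEST-0005": "2020-01-31"}


def main(argv):
    report = open(argv[1]).read() if len(argv) > 1 else SAMPLE_REPORT
    res = evaluate(report, allowlist=SAMPLE_ALLOWLIST, today="2020-04-30")
    for f in res.blocking:
        print(f"BLOCK {f.vuln_id} {f.severity} {f.pkg} {f.installed} -> {f.fixed} ({f.target})")
    for f in res.waived:
        print(f"WAIVE {f.vuln_id} until {SAMPLE_ALLOWLIST[f.vuln_id]}")
    print(f"{len(res.ignored)} finding(s) below policy, {len(res.blocking)} blocking")
    return 0 if res.passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as the step after the scanner (for example `trivy image --format json --output report.json <image>` followed by `python gate.py report.json`) so the job fails on the gate's exit code rather than on the scanner's. The two policy knobs are deliberate: ignoring unfixable findings and expiring waivers are what keep the gate fast to act on, which is the only way the "tax" Weeks describes stays low enough that nobody routes around it.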

Feature image via Pixabay.

Sonatype is a sponsor of The New Stack.
