Where are you using WebAssembly?
Wasm promises to let developers build once and run anywhere. Are you using it yet?
At work, for production apps
At work, but not for production apps
I don’t use WebAssembly but expect to when the technology matures
I have no plans to use WebAssembly
No plans and I get mad whenever I see the buzzword
CI/CD / Security

Add It Up: Integrating Security into the Development Pipeline

DevOps teams are more likely to have security tools properly integrated in their development pipeline, but many still struggle to do it well.
Apr 30th, 2020 11:27am by
Featued image for: Add It Up: Integrating Security into the Development Pipeline

Integrating security tools within development pipelines continues to be challenging. Less than 60% of companies with mature DevOps practices have correctly integrated the average security tool, according to the 2020 DevSecOps Community Survey. The actual figures drop dramatically from there; companies that haven’t embraced the DevOps mantra of cross-team communication are often twice as likely to not have security tools properly integrated.

Not all of the tools in this chart have to be integrated into every stage of the SDLC.

If there wasn’t a cost involved, DevOps pros would integrate anything and everything they can into their pipeline. In a recent conversation with Derek Weeks, from DevOps automation company Sonatype, he explained: “If you integrate something in that’s going to take two hours to analyze and yet you’re releasing every hour, no one wants that tax.” Consequently, developers will find a workaround to the integrated tool.

By their very nature, software composition analysis and container security tools need to be integrated into CI/CD pipelines. Their effectiveness depends on the degree to which they are automated and buy-in form all relevant stakeholders. To better understand this subject, we’ve are asking readers to participate in a one-minute poll about security in CI/CD pipelines.

Feature image via Pixabay.

Sonatype is a sponsor of The New Stack.

Group Created with Sketch.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.