DevSecOps Lunch and Learn four-part Series
Part 1 - Integration of Automated Security Tools in CI/CD Pipelines
Development organizations continue to implement security earlier in the continuous integration/continuous delivery (CI/CD) pipeline. And the benefits of integrating application security (AppSec) tools in the CI/CD pipeline increase the further you shift left in the process. But software security group leaders need to know where AppSec tools should go in the CI/CD workflow, as well as their purposes in different phases. This first part of the webinar series answers some essential questions:
- How do you pick the right application security tools for your CI/CD pipeline?
- Where should you integrate your tools in the pipeline?
- How should you configure the tools?
Part 2 - Common Challenges of Operationalizing Integration
In this second part of the webinar series, learn how to build security tools into a continuous integration/continuous delivery pipeline. Topics covered include:
- How can you ensure that release cycles are not slowed down?
- How should you manage false positives?
- How do you satisfy compliance needs?
Part 3 - Reduce the Burden on Developers With Automation
Developers are often taught to emphasize functionality over security, and many developers aren’t security experts. For this reason, it’s crucial to ensure they stay aware of the risks of vulnerable code. But training materials are often static and inconvenient to access, using the internet for guidance isn’t consistent or reliable, and remediation advice from tools isn’t necessarily project-aware or product-specific. And unfortunately, security experts are often seen as an impediment to business goals, and they may not be experienced developers. The third part of the webinar series covers developer enablement and avoiding defect management overload.
Part 4: Automate the Initiation and Management of Out-of-Band AppSec Activities
The final part in the webinar series provides real-world guidance on how to balance application security activities, including both those that are automated and run inline in your CI/CD pipelines, and the out-of-band activities that are traditionally executed manually. Implementing security gates at strategic places in the CI/CD pipeline to break the build when critical and high vulnerabilities are found keeps teams informed and reduces communication overhead. Just as there must be continuous integration, continuous delivery, and continuous deployment, there also must be continuous collaboration, and continuous communication across development, security, and operations teams.