Updates this week from key cybersecurity players in the DevOps software space, WhiteSource and Trend Micro, point to a growing call for security as a priority in DevOps cycles.
On Monday, open-source security leader Whitesource announced two new integrations for GitLab server and Eclipse IDE. This new functionality, part of the company's WhiteSource for Developers product, allows more developers to manage open-source security risks directly from within their development pipeline.
These announcements reflect a rising trend in the DevOps space focusing on security, which some refer to as DevSecOps. Hopefully this clumsy sandwich of a term doesn’t stick, but the principle behind it is valid: high-quality, open-source security should be baked into the DevOps cycle.
What is DevSecOps?
DevSecOps is the marriage between software security and the DevOps cycle. Just as DevOps refers to the melded collaboration between development and operations teams, DevSecOps brings security teams into the mix to encourage secure code.
There are already a number of products on the market that hope to make this principle a reality. Tools like software composition analysis and vulnerability scanners can integrate with development environments to scan for and mitigate security risks. The adoption of these tools is critical for development teams that want to stay on top of security while keeping their CI/CD pipelines running smoothly.
Consistent, high-quality cybersecurity practices in the DevOps space are still far from the norm, but these developments point to a positive trend.
Adam is a research analyst focused on dev software. He started at G2 in July 2019 and leverages his background in comedy writing and coding to provide engaging, informative research content while building his software expertise. In his free time he enjoys cooking, playing video games, writing and performing comedy, and avoiding sports talk.