Updates this week from key cybersecurity players in the DevOps software space, WhiteSource and Trend Micro, point to a growing call for security as a priority in DevOps cycles.
On Monday, open-source security leader WhiteSource announced two new integrations for GitLab server and Eclipse IDE. This new functionality, part of the company's WhiteSource for Developers product, allows more developers to manage open-source security risks directly from within their development pipeline.
In that same vein, on Tuesday, Trend Micro announced a partnership with Snyk to unite efforts toward open-source security as an integrated part of the DevOps environment. Container security vendor Snyk raised $70 million in funding last month, expanding the company's presence in the DevOps space.
These announcements reflect a growing focus on security in the DevOps space, which some refer to as DevSecOps. Hopefully this clumsy sandwich of a term doesn’t stick, but the principle behind it is valid: high-quality, open-source security should be baked into the DevOps cycle.
What is DevSecOps?
DevSecOps is the marriage between software security and the DevOps cycle. Just as DevOps refers to the melded collaboration between development and operations teams, DevSecOps brings security teams into the mix to encourage secure code.
There are already a number of products on the market that hope to make this principle a reality. Tools like software composition analysis and vulnerability scanners can integrate with development environments to scan for and mitigate security risks. The adoption of these tools is critical for development teams that want to stay on top of security while keeping their CI/CD pipelines running smoothly.
Consistent, high-quality cybersecurity practices in the DevOps space are still far from the norm, but these developments point to a positive trend.