Add Security Testing Tools to Your Delivery Pipeline
Developing a delivery pipeline means more than just adding automated deploys to the development cycle. To be successful, quality testing of all types must be incorporated throughout the process to ensure that problems aren't slipping through. Those checks must include security, or you risk developing insecure software. Fortunately, the delivery pipeline opens up opportunities to add more security testing to the delivery process. Continuous integration builds can run static analysis tools that test for simple security errors and check whether components with known vulnerabilities are being used. Gene Gotimer introduces several types of open-source and free security testing tools that can be quickly added to a delivery pipeline. Because they are free, these tools reduce the initial investment of both time and money and help eliminate some of the barriers to adding security testing to the process.
Gene Gotimer is a senior architect at Coveros, Inc., a software company that uses agile methods to accelerate the delivery of secure, reliable software. As a consultant, Gene works with his customers to build software better, faster, and more securely by introducing agile development and DevOps practices. He has many years of experience in web-based enterprise application design, and extensive experience establishing and using development ecosystems such as continuous integration, continuous delivery, DevOps, secure software development, source code control, build management, release management, issue tracking, project planning and tracking, and a variety of software assurance tools and supporting processes. Gene feels strongly that repeatability, quality, and security are all strongly intertwined; each of them is dependent on the other two, which just makes DevOps that much more crucial to software development.