In the past, the CI/CD pipelines were simply a place to integrate code. Developers would write their code in GitHub, pass it through the pipeline, and then deploy it. However, with the emergence of shift left security and newer automation practices, the pipeline has become a much more critical piece of the software delivery lifecycle.
“The delivery of the software through the pipeline also has to be secure and compliant,” said Tim Johnson, Product Manager at DevOps solutions company CloudBees. “As well as what it is doing beyond just the simple CI aspect of it. So now you get into things like security and testing automation, software composition analysis, static analysis, dynamic analysis, and all other things that need to be done to get that software through.”
In this solutions guide, you will learn specifics about:
Download it today!
Defining a plan to improve developer security maturity is no easy task when you still have compliance requirements and release deadlines to meet. But it is a worthy one that will pay dividends in improved productivity and reduced risk.
In this guide, we explore the lessons learned from three real-life Secure Code Warrior customers so you can start to assemble a secure code training blueprint for your organization.
Discover:
Modern development strategies employ different tactics to deliver code more quickly, from agile planning to cross-functional teams to ‘shift left’. Unit testing has an important role to play, accelerating cycle times by detecting regressions at the earliest possible stage. Since testing remains a significant bottleneck in most CI pipelines, the gains can be significant.
But the effort of writing and maintaining tests can offset the benefits: it’s not unusual for Java developers to spend up to 50% of their time working on unit tests instead of on value-adding code changes. And that still might not be enough to get good code coverage!
That’s why modern Java pipelines include integrated, AI-assisted coding that removes the effort from unit testing and accelerates development.
Join this webinar to learn:
AVAILABLE NOW
Declarative pipelines provide a more modern, opinionated approach to pipeline creation and management. But what are they really? What benefit do they bring to your CI/CD processes?
Our three expert panelists discussed:
Watch the webinar on demand any time!
Each year, attacks on mobile applications steadily increase. The costs to businesses in terms of lost customers, compensation, reputation damage, and regulatory fines make lax mobile app security a significant risk factor. Ensuring effective mobile app security, however, presents a major challenge for many organizations.
Download this mobile app security guide to learn:
Building security maturity in development teams can be approached in stages. Based on Secure Code Warrior’s experience with 400+ organizations, we’ve identified the common practices and traits in three different stages of security maturity – defining, adopting, and scaling.
How security-savvy are your development teams?
By assessing and understanding a development team’s security maturity, organizations can formulate a plan, with the right stakeholders, process, and technology to build and support the necessary skills and capabilities.
This whitepaper explores:
SAST is a vulnerability scanning method that identifies risks early in the CI pipeline or within the IDE. As security moves right, coverage becomes increasingly challenging by implementing security earlier in the development cycle with the use of SAST, SCA & QA – it automatically reduces the remediation work that can arise later in the cycle.
Because half of web application vulnerabilities are critical or high-risk, this raises an important challenge for developers. Time to remediation for vulnerabilities is over 60 days. Kiuwan can prevent common vulnerabilities through a combination of SAST, SCA & QA. Watch this short webinar to learn more about Kiuwan and how their method and products reduces remediation time and accelerates critical fixes – by doing everything upfront!
Welcome to !hooked, Guardsquare’s technical magazine featuring hands-on labs.
In this issue, the labs cover code checksumming, control flow (non-)integrity in Android applications, native library encryption, and encrypting Objective-C selectors.
Dive in, learn about the issues, and work through the solutions in these labs.
How do you scale your testing to realize the full value of DevOps? In this session, Ethan Chung, Solutions Architect Manager at Keysight Technologies, will show how to expand testing coverage across complex applications with intelligent automation.
Watch now to learn the basics of automation right through to building sophisticated test cases that integrate with any DevOps pipeline.
