• Home
  • >
  • DevOps News
  • >
  • How Automation Can Help to Close the Security Loop – InApps 2022

How Automation Can Help to Close the Security Loop – InApps is an article under the topic Devops Many of you are most interested in today !! Today, let’s InApps.net learn How Automation Can Help to Close the Security Loop – InApps in today’s post !

Read more about How Automation Can Help to Close the Security Loop – InApps at Wikipedia



You can find content about How Automation Can Help to Close the Security Loop – InApps from the Wikipedia website

GitLab sponsored this podcast.

The developers create the best software they can and rely on continuous delivery (CD) tools to deliver faster and faster, with code updates taking minutes — as opposed to days compared to the past — to implement. Many of the silos have been removed between the different DevOps teams thanks largely by relying on Git as the code is accessed, shared and updated in real-time among the different stakeholders. But for whatever reason, security processes remain absent from the production pipeline, especially at the beginning stages of development.

A fundamental, yet continued, flaw in DevOps is how security is “completely misunderstood,” Philippe Lafoucrière, distinguished engineer, GitLab, said. “We leave security processes at the very end of the software production process,” Lafoucrière said. “And that leads to different timelines.”


Security Automation and Closing the Software Development Life Cycle Loop

Also available on Apple Podcasts, Google Podcasts, Overcast, PlayerFM, Pocket Casts, Spotify, Stitcher, TuneIn

In short, closing the security loop involves implementing security processes at the very beginning of the development process — and only automation can ultimately accomplish that. This was the main theme of this episode of InApps Makers podcast, hosted by Alex Williams, founder and editor in chief of InApps, during  GitLab Commit in Brooklyn, New York last month. On hand to offer their input were Lafoucrière and Shamiq Islam, head of application, blockchain, and infrastructure security, for Coinbase.

Read More:   Integrating Security into Build Processes Signals DevSecOps Tipping Point – InApps 2022

The wrong way to attempt to close the security loop is by relying on mostly manual or semi-manual security processes when “a security person has some tools to assist them in their job…but primarily, it’s still a human doing the work,” Islam said. When security is not automated, there remains more “generic dev work that’s going into the production of software,” than there is “relative security resources to make sure it’s secure,” Islam said. “It’s almost like when you wouldn’t paint the house until the house is mostly done,” Islam said. “But what we’re saying is no, this isn’t paint, this is structure, right, and we actually need to bring in the [security] resources early — we can talk about paint later.”

Automating security involves and implementing it at the beginning of the production process ultimately results in “a single loop where we can involve all the stakeholders at the same time,”  Lafoucrière said. “And when we merge something, in a project, we want to have all the decisions being taken at that point,” Lafoucrière said. “You always move forward so that if you want to change something, you create a new loop, we involve all the stakeholders again and you can move forward from there,” Lafoucrière said.

This continual collaborative structure with Git as the focal point should also allow the security teams to enter the collaborative process at the same time the developers do. One way to make that happen to invest “in tooling and in libraries that have made it very easy for our dev team to basically automate a way,” Islam said. “And so what we decided was any place where we could, we would build the library, because it would have a higher return and we’d be able to, at a minimum, create a template and drive that template with other teams. ”

Read More:   Update PostgreSQL Gets a Fix for a Passwordless Authentication Flaw

In this Edition:

  • 2:43: The blockchain perspective on security lifecycle.
  • 5:07: The engineering disconnect.
  • 12:02: Tools that automate security.
  • 15:45: Different approaches to improving your own software development life cycle.
  • 18:32: Key themes.
  • 22:13: New mechanisms in scanning tools to root out anomalies.



Source: InApps.net

Rate this post
As a Senior Tech Enthusiast, I bring a decade of experience to the realm of tech writing, blending deep industry knowledge with a passion for storytelling. With expertise in software development to emerging tech trends like AI and IoT—my articles not only inform but also inspire. My journey in tech writing has been marked by a commitment to accuracy, clarity, and engaging storytelling, making me a trusted voice in the tech community.

Let’s create the next big thing together!

Coming together is a beginning. Keeping together is progress. Working together is success.

Let’s talk

Get a custom Proposal

Please fill in your information and your need to get a suitable solution.

    You need to enter your email to download

      Success. Downloading...