Shifting Left with SCMs: Navigating DevSecOps' New Frontier
DevSecOps applies application security testing during the CI stage to put "Sec" into DevOps, so to speak. Security tools must provide meaningful, actionable results in return. In this presentation, I'll explain why development teams are increasingly turning to source code management (SCM) platforms to achieve their DevSecOps goals. Additionally, I'll provide examples of SCMs, such as GitLab and GitHub, that are modernizing and transforming their approach to DevSecOps by injecting automated security scans directly within their platforms. From there, I'll explain how Checkmarx brings SAST, SCA, and AppSec training into these respective platforms, the challenges that were encountered along the way with security integration, and how we navigated them to provide the best, and most secure, developer experience.
Ancillary topics covered will include:
- Merge request discussions
- Vulnerability management
- Integration with GitLab and GitHub dashboards
- Checkmarx's underlying automation and orchestration capabilities