DevOps is a movement in which operations and development work together throughout the entire software development lifecycle (SDLC) with the goal of producing higher-quality software more efficiently. These goals cannot be realized without ensuring that the software being produced is secure. Security tools that enable high velocity and efficient detection of potential security vulnerabilities must be extensible to meet these requirements.
The old approach of hand-to-hand combat, in which a very limited number of appsec specialists serve an army of developers, testers, and operations staff, is not the most efficient way to do appsec. We don’t have enough appsec specialists, and there will never be enough of them to sustain this outdated approach. (At least not anytime soon!)
We need to leverage integrations to make appsec available and consumable by DevOps. We can rely on automation (for repetitive tasks) to increase efficiency and accuracy. When armed with the right integrations, automation, and extensible APIs, application security can be scaled to cover all projects and applications while still being managed with few appsec specialists.
Fortify has been a pioneer in providing integrations with development, testing, and operations tools. Other vendors are beginning to take gradual steps (better late than never) to provide integration capabilities to serve development, test, and operations.
Here are a few examples of how you can empower DevOps using Fortify Tools and integrations. Look for these blog posts in the coming weeks.