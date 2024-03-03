Find it and fix it faster

The report highlights the importance of accelerating risk detection and time to resolution, particularly in organizations with frequent releases or continuous integration and continuous deployment (CI/CD) pipelines. According to survey respondents, organizations are inclined toward a three-step approach for realizing AppSec measures that don’t impede DevOps workflows.

Eliminate friction across the pipeline. Integrating security testing, such as static application security testing (SAST), software composition analysis (SCA), and interactive application security testing (IAST) optimizes risk visibility while minimizing potential obstacles to the development and release process. With integrated analysis at each stage of the SDLC and CI/CD pipelines, organizations are automating security risk assessment and closing feedback loops with development more quickly.

Establish a culture of DevSecOps. Developer security awareness was emphasized by respondents as a key to successful DevSecOps initiatives, fostered by immediate alerting to detected risks as early as possible for quick resolution. Many have begun cultivating developer security capabilities with secure coding education to accelerate code fixes and to prevent issues as developers write initial code.

Architect security for scale and flexibility. Respondents noted the importance of integration and automation to their DevSecOps initiatives, as well as the detriment of managing many diverse security testing tools. Balancing security gates with the evolution of DevOps workflows, development projects, supported technologies, and business drivers is essential to avoiding the need to architect a new DevSecOps initiative before the current one has delivered a return.

Respondents also recognized the value of prioritized risk information and remediation guidance across teams, mechanisms that both reduce distraction and clearly define a path to resolution. The report underscores the importance of organizational alignment, showcasing efforts to cultivate security champions and establish cross-functional DevSecOps teams for enhanced visibility into risks at every stage, ensuring secure and streamlined pipelines.