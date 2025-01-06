Black Duck’s annual “Global State of DevSecOps” report surveys more than 1,000 software developers, application security professionals, chief information security officers, and DevOps engineers. This year, it returned three areas of particular concern.

Large amounts of noisy, unclear test results continue to slow down security teams’ prioritization and impede developers’ remediation workflows.

AI code development has renewed the historical friction between security and development teams.

Implementing a more integrated, automated DevSecOps strategy is essential to securing faster, AI-enabled pipelines.

The good news is that organizations are continuing to integrate security into DevOps processes. The survey found that 35% of respondents prioritized automation and making test configuration easy for increased adoption. In addition, the survey found that centralizing security testing and consolidating vendors can significantly enhance an organization's ability to protect its digital assets, simplify management, improve coordination, and potentially reduce costs.

Centralizing security tools, in this context, means configuring and coordinating the various types of requisite security tests using policies, automation, an application security testing (AST) platform that can trigger diverse scans, or a combination of them all. Centralization makes it easier to configure security tests and triage their results. This reduces the complexity associated with managing multiple systems, facilitates scan integration at each stage of the pipeline, and ensures that security policies are consistently applied across the organization. With centralized AST, security efforts can be more easily coordinated, reducing the likelihood of gaps or overlaps in security coverage.

Despite these gains in operational efficiency, though, organizations are still struggling with the challenges posed by too many tests, too many results, and too much noise.