There is an ongoing debate over what term is best: DevSecOps, SecDevOps, or even to drop “sec” altogether since it should be ubiquitous. DevSecOps places security in the middle of the DevOps effort, which is where it rightly belongs. While transparent and a natural part of the process, it should be top of mind and not buried. Security needs to be everyone’s responsibility. With automation of processes and policies, it can be much easier to arm developers and security pros alike with the information they need in order to meet this responsibility.
GitLab provides an end-to-end secure software solution that helps you plan, create, deploy, secure, and manage your modern software and the infrastructure upon which it relies. It also offers the visibility and controls necessary to protect the integrity of your software factory and its deliverables.
GitLab has been a catalyst for change when it comes to the evolution of DevSecOps versus traditional application security testing.
Let’s look at why companies are choosing GitLab to implement their DevSecOps strategies:
Security testing
- Old: Security testing is performed by security pros, using their own tools, usually at the end of a development cycle.
- New: Security testing is automated within the CI pipeline, with findings delivered to the developer while they are still iterating on their code. Findings are limited to new vulnerabilities introduced in this code change, making it clear and actionable for the developer to correct the security flaws they created without taking responsibility for the backlog of flaws and technical debt that already existed.
CI and security
- Old: CI scripts might be used to call security scanners and pull the findings into the CI pipeline, yet the two tools remain separate. Often elements are missing and the integration must be maintained. Licenses for the CI tool and the scanners are separate and can be difficult to manage, especially when they charge by different variables (users, apps, code size).
- New: United into a single tool, there is no costly integration to maintain and only a single license to manage.
Remediation
- Old: Security pros must constantly track the remediation status of critical vulnerabilities (risk). The findings are in one tool, but the remediation effort happens within the development team, putting the two teams in a constant state of friction and inefficient communication.
- New: By sharing a single tool, security pros can see the remediation status of given vulnerabilities right in their dashboard. And, when GitLab issues are used, both teams can collaborate on remediation.
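The security testing comparison above hinges on one mechanism: the pipeline reports only the findings a code change introduces, not the pre-existing backlog. The following is an added example, not code from the page, GitLab or iTMethods; the report layout (a list of findings with name, severity, file, line and identifiers) is a constructed simplification rather than any scanner's exact schema, and the sample reports are constructed.

```python
# Added example: diff a merge request's scan against the target branch's
# baseline scan so the pipeline fails only on newly introduced findings.
from typing import Dict, List

SEVERITY_ORDER = ["Info", "Low", "Medium", "High", "Critical"]

# Constructed baseline: scan of the target branch before the change.
BASELINE = [
    {"name": "SQL injection", "severity": "Critical", "file": "app/db.py",
     "line": 40, "identifiers": ["cwe:89"]},
    {"name": "Weak hash", "severity": "Medium", "file": "app/auth.py",
     "line": 12, "identifiers": ["cwe:328"]},
]

# Constructed MR scan: the SQL injection moved ten lines down because of an
# unrelated edit above it, and one genuinely new finding appeared.
MR_SCAN = [
    {"name": "SQL injection", "severity": "Critical", "file": "app/db.py",
     "line": 50, "identifiers": ["cwe:89"]},
    {"name": "Weak hash", "severity": "Medium", "file": "app/auth.py",
     "line": 12, "identifiers": ["cwe:328"]},
    {"name": "Hard-coded credential", "severity": "High",
     "file": "app/config.py", "line": 3, "identifiers": ["cwe:798"]},
]


def fingerprint(vuln: Dict) -> str:
    """Stable key for a finding. The line number is deliberately left out so
    unrelated edits that shift code do not make pre-existing findings look new."""
    return "|".join([vuln["name"], vuln["file"], *sorted(vuln["identifiers"])])


def new_findings(baseline: List[Dict], mr_scan: List[Dict]) -> List[Dict]:
    """Findings present in the MR scan but absent from the baseline."""
    seen = {fingerprint(v) for v in baseline}
    return [v for v in mr_scan if fingerprint(v) not in seen]


def fails_gate(findings: List[Dict], block_at: str = "High") -> bool:
    """True if any new finding is at or above the blocking severity, so the
    pipeline fails the MR on new debt only, never on the existing backlog."""
    threshold = SEVERITY_ORDER.index(block_at)
    return any(SEVERITY_ORDER.index(v["severity"]) >= threshold for v in findings)


if __name__ == "__main__":
    added = new_findings(BASELINE, MR_SCAN)
    for v in added:
        print(f"NEW {v['severity']}: {v['name']} at {v['file']}:{v['line']}")
    print("merge blocked" if fails_gate(added) else "merge allowed")
```

Run as written, only the hard-coded credential is reported and the gate fails, even though the moved SQL injection still sits in the backlog.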
With iTMethods you can run GitLab as a managed SaaS service in the cloud.
We deploy and manage GitLab to the highest standards on our Managed DevOps SaaS Platform. You’ll stay current and optimized, and your software teams will be able to take full advantage of new GitLab features as they are released.
We are certified professionals in deploying and managing GitLab to some of the highest performance, availability and security requirements. GitLab can easily integrate with your other DevOps tools and environments into a seamless toolchain on our Managed DevOps SaaS Platform.