The term DevSecOps is a contraction of developer, security and operations. Despite the buzzword hype, it does have positive implications for improving the quality, security and functional safety of embedded software applications. Many organizations have adopted DevOps over the past few years and integrated their continuous integration and deployment processes. In many cases, however, security has been left out of this integrated pipeline, only to cause issues in production environments that are then costly and time-consuming to fix. In DevSecOps, companies aim to make security a primary concern in everyday processes by addressing it throughout the software development life cycle (SDLC).
This post looks at the role of static application security testing (SAST) solutions such as GrammaTech CodeSonar, and how testing, process and pipeline integrations are key to success with DevSecOps.