With GitLab, DevSecOps architecture is built into the CI/CD process. Every merge request is scanned through its pipeline for security issues and vulnerabilities in the code and its dependencies using automated tests.

Gitlab Enterprise security scanning

In the traditional IT dev process. Security gets involved at the end of the stack (of an application or software). Every now and then, the Dev team will request security scans of their applications from the security teams. This applies even in a team that works in DevOps fashion.

This is where Development, Security, and Operations aka DevSecOps comes in.

What is DevSecOps?

DevOpsand DevSecOps methodologies share similar aspects, including the use of automation and continuous processes for establishing collaborative cycles of development. However, while DevOpsprioritizes delivery speed, DevSecOps builds on the cultural changes of DevOps to integrate the work of security teams sooner rather than later.

DevSecOps consists of integrating IT security practices into the full life cycle of your application. To put it simply, It means thinking about application and infrastructure security from the start. Instead of isolating the role of the security team in the final stage of development. Security is considered a shared responsibility to be integrated from end to end.

This also involved automating some security gates to keep the DevOps workflow from slowing down; such as automated testing or scanning every time a developer pushes new code to your app CI/CD pipeline. These practices will provide better visibility to things such as vulnerabilities, code coverage, and risks.

#devops #devsecops #gitlab #security