
This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated Sep 11, 2019 — DevOps Expert

Integrate Compliance and Security Testing into Continuous Delivery


As any bread baker knows, there are four fundamental ingredients to any loaf: flour, yeast, water, and salt. Software delivery, like a great loaf of bread, requires a solid structure to ensure that what comes out of the oven tastes good every time. And good software is not just about a nice-looking package; it has to be secure as well. This series focuses on the four key ingredients needed to bake security and compliance into your software delivery processes.

We covered ingredient 1 in the previous post in this series. Time to add ingredient 2:

Integrate automated compliance and security testing into Continuous Delivery processes

Automated testing is a proven best practice for teams adopting Continuous Delivery, so it is natural for Development teams to automate compliance and security testing as well, using static code analysis tools such as Fortify, SonarQube, and Checkmarx, and software composition analysis tools such as Black Duck for the open-source dependencies a build pulls in. These tools make it easy to see whether a particular piece of code or application passes the compliance and security “taste test.” But each of them reports in isolation: its findings are not correlated with the other information that matters for the overall business software release, which makes the results hard to use for stakeholders outside the Development team.

In most enterprise environments, security and compliance evaluations don’t produce a black-and-white, go-or-no-go decision on their own. People such as product owners, release managers, security specialists, and compliance officers often have to decide whether a release can proceed despite negative compliance or security findings, and a decision to proceed anyway should be recorded along with who made it and why.

These people are not as close to the development and testing processes as developers are. They don’t set up the automated testing tools, and they probably never review the detailed logs of automated test results. But to make decisions about those results, they need to be able to see them and, more importantly, understand what they mean in the context of the features being delivered, or in the context of the release as a whole.
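As an added example of the workflow the two preceding paragraphs describe (this is editor-written illustration, not XebiaLabs code and not the output format or API of any of the tools named above): a pipeline gate step that reads a SARIF report, the JSON format many SAST tools can emit, classifies each finding, honours documented risk acceptances that carry an approver and an expiry date, and prints a summary a release manager or compliance officer can read without opening the scanner log. The report, tool name, rule ids, file paths and the acceptance itself are constructed for the example.

```python
import json
from dataclasses import dataclass, field
from datetime import date

# Constructed sample SARIF report (the JSON format many SAST tools can emit).
# Tool name, rule ids, paths and messages are invented for this example.
SAMPLE_SARIF = json.dumps({"runs": [{
    "tool": {"driver": {"name": "ExampleSAST"}},
    "results": [
        {"ruleId": "SQLI-001", "level": "error",
         "message": {"text": "SQL query built by string concatenation"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/orders.py"}}}]},
        {"ruleId": "XSS-004", "level": "error",
         "message": {"text": "Unescaped user input written to HTML"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/views.py"}}}]},
        {"ruleId": "LOG-012", "level": "warning",
         "message": {"text": "Credential may be written to the log"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/auth.py"}}}]},
        {"ruleId": "STYLE-002", "level": "note",
         "message": {"text": "Unused import"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/util.py"}}}]},
    ]}]})

# SARIF "level" values mapped onto the severities the gate policy reasons about.
SEVERITY = {"error": "high", "warning": "medium", "note": "low", "none": "low"}
BLOCKING_SEVERITIES = {"high"}  # policy: an unaccepted high finding blocks the release


@dataclass(frozen=True)
class Finding:
    tool: str
    rule_id: str
    severity: str
    path: str
    message: str


@dataclass(frozen=True)
class RiskAcceptance:
    """A recorded decision to ship despite a finding. It names who approved it
    and expires, so the override is auditable and gets re-reviewed."""
    rule_id: str
    path: str
    approver: str
    reason: str
    expires: str  # ISO date, e.g. "2030-01-01"

    def covers(self, f: Finding, today: str) -> bool:
        return (f.rule_id == self.rule_id and f.path == self.path
                and date.fromisoformat(today) <= date.fromisoformat(self.expires))


@dataclass
class GateResult:
    go: bool
    blocking: list = field(default_factory=list)  # unaccepted findings of blocking severity
    accepted: list = field(default_factory=list)  # (finding, acceptance) pairs
    advisory: list = field(default_factory=list)  # non-blocking, reported for awareness


def parse_sarif(text: str) -> list:
    """Flatten a SARIF document into Finding records (first location only)."""
    findings = []
    for run in json.loads(text).get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        for r in run.get("results", []):
            loc = (r.get("locations") or [{}])[0].get("physicalLocation", {})
            path = loc.get("artifactLocation", {}).get("uri", "<unknown>")
            findings.append(Finding(tool, r.get("ruleId", "<none>"),
                                    SEVERITY.get(r.get("level", "warning"), "medium"),
                                    path, r.get("message", {}).get("text", "")))
    return findings


def evaluate(findings, acceptances, today: str) -> GateResult:
    """Apply the policy: accepted findings never block; unaccepted high ones do."""
    result = GateResult(go=True)
    for f in findings:
        match = next((a for a in acceptances if a.covers(f, today)), None)
        if match is not None:
            result.accepted.append((f, match))
        elif f.severity in BLOCKING_SEVERITIES:
            result.blocking.append(f)
        else:
            result.advisory.append(f)
    result.go = not result.blocking
    return result


def render_summary(result: GateResult) -> str:
    """Plain-text summary for stakeholders who will not read the scanner's log."""
    lines = [f"Release gate: {'GO' if result.go else 'NO-GO'}",
             f"  blocking: {len(result.blocking)}  accepted risks: {len(result.accepted)}"
             f"  advisory: {len(result.advisory)}"]
    for f in result.blocking:
        lines.append(f"  BLOCK    {f.rule_id} {f.path}: {f.message}")
    for f, a in result.accepted:
        lines.append(f"  ACCEPTED {f.rule_id} {f.path} by {a.approver} until {a.expires}: {a.reason}")
    return "\n".join(lines)


if __name__ == "__main__":
    acceptances = [RiskAcceptance("XSS-004", "src/views.py", "security-lead",
                                  "admin-only page; fix scheduled", "2030-01-01")]
    print(render_summary(evaluate(parse_sarif(SAMPLE_SARIF), acceptances, "2025-06-01")))
```

The point of the acceptance record is the one the paragraph above makes: the gate is not purely mechanical, but an override is only acceptable when it is explicit, attributable and time-limited. Run as-is, the sample report has two high findings; the accepted one is listed with its approver and expiry, the other still blocks the release, and both medium and low findings are counted but do not affect the decision. Once the acceptance expires the finding blocks again, which forces the re-review.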

The XebiaLabs DevOps Platform automates the process of collecting release data and producing on-demand, real-time reports with the push of a button. All stakeholders—from product owners and release managers to security specialists and compliance officers—get the data they need to understand the complete picture of what happened in each and every release, readily available in a convenient spreadsheet format.

We’ll be covering the remaining ingredients in upcoming blog posts. Or you can read about them all right now by downloading the white paper below. 
