
This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated Sep 11, 2019 — DevOps Expert

Integrate Compliance and Security Testing into Continuous Delivery

As any bread baker knows, there are four fundamental ingredients to any loaf: flour, yeast, water, and salt. Software delivery, like a great loaf of bread, requires a solid structure to ensure that what comes out of the oven tastes good every time. And good software is not just about a nice-looking package; it has to be secure as well. This series focuses on the four key ingredients needed to bake security and compliance into your software delivery processes.

We discuss ingredient 1 here. Time to add ingredient 2:

Integrate automated compliance and security testing into Continuous Delivery processes

Automated testing is a proven best practice for teams that are adopting Continuous Delivery, so it’s natural for Development teams to automate compliance and security testing by using static code analysis tools such as Fortify, SonarQube, Checkmarx, and Black Duck. These tools make it easy to see whether a particular piece of code or application passes the compliance and security “taste test.” But they don’t integrate test results with other information that is relevant to the overall business software release, which makes it hard for stakeholders outside the Development team to use those results. 

In most enterprise environments, security and compliance evaluations don’t always produce a black-and-white, go-or-no-go decision. People such as product owners, release managers, security specialists, and compliance officers often decide whether or not a release can proceed despite negative compliance or security findings. 

These people are not as close to the development and testing processes as developers are. They don’t set up the automated testing tools, and they probably never review detailed logs of automated test results. But to make decisions about those results, they need to be able to see them and, more importantly, understand what they mean in the context of the features that are being delivered, or in the context of the release as a whole.

The XebiaLabs DevOps Platform automates the process of collecting release data and producing on-demand, real-time reports with the push of a button. All stakeholders—from product owners and release managers to security specialists and compliance officers—get the data they need to understand the complete picture of what happened in each and every release, readily available in a convenient spreadsheet format.

We’ll be covering the remaining ingredients in upcoming blog posts. Or you can read about them all right now by downloading the white paper below. 
