This post is from the XebiaLabs blog and has not been updated since the original publish date.

Last Updated Sep 11, 2019 — DevOps Expert

Integrate Compliance and Security Testing into Continuous Delivery

As any bread baker knows, there are four fundamental ingredients to any loaf: flour, yeast, water, and salt. Software delivery, like a great loaf of bread, requires a solid structure to ensure that what comes out of the oven tastes good every time. And good software is not just about a nice-looking package; it has to be secure as well. This series focuses on the four key ingredients needed to bake security and compliance into your software delivery processes.

We discuss ingredient 1 here. Time to add ingredient 2:

Integrate automated compliance and security testing into Continuous Delivery processes

Automated testing is a proven best practice for teams that are adopting Continuous Delivery, so it’s natural for Development teams to automate compliance and security testing by using static code analysis tools such as Fortify, SonarQube, Checkmarx, and Black Duck. These tools make it easy to see whether a particular piece of code or application passes the compliance and security “taste test.” But they don’t integrate test results with other information that is relevant to the overall business software release, which makes it hard for stakeholders outside the Development team to use those results. 

In most enterprise environments, security and compliance evaluations don’t always produce a black-and-white, go-or-no-go decision. People such as product owners, release managers, security specialists, and compliance officers often decide whether or not a release can proceed despite negative compliance or security findings. 

These people are not as close to the development and testing processes as developers are. They don’t set up the automated testing tools, and they probably never review detailed logs of automated test results. But to make decisions about those results, they need to be able to see them and, more importantly, understand what they mean in the context of the features that are being delivered, or in the context of the release as a whole.

The XebiaLabs DevOps Platform automates the process of collecting release data and producing on-demand, real-time reports with the push of a button. All stakeholders—from product owners and release managers to security specialists and compliance officers—get the data they need to understand the complete picture of what happened in each and every release, readily available in a convenient spreadsheet format.

We’ll be covering the remaining ingredients in upcoming blog posts. Or you can read about them all right now by downloading the white paper below. 
