Effective security testing is hard. It has become apparent that finding occurrences of vulnerabilities requires several types of testing activities to be included in the Continuous Integration (CI)/Continuous Delivery (CD) or Deployment (CD) pipeline. Security activities such as Static Analysis Security Testing (SAST), Dynamic Analysis Security Testing (DAST), and Software Composition Analysis (SCA) are performed at different stages in the CI/CD pipeline to ensure adequate coverage of the code, binaries, deployment environment and the security issues we wish to eradicate. Each security activity has its own cost, strengths, weaknesses, constraints, and tool run time, all of which influence how often you can deploy to your staging or production environment.
Building security automation into the DevOps pipeline is a key pain point for many organisations. A risk-based, intelligent, adaptive DevOps pipeline can close the gap between DevOps and security teams, helping DevOps teams accelerate deployment to production without compromising security. Implementing risk-based, adaptable intelligence within the DevOps pipeline supports security activities by matching the team’s velocity, providing continuous intelligent feedback, continuous learning and continuous metrics, and continuously supporting organisations as they scale their security testing activities.
Presented by
Meera Rao,
Senior Director Product Management
Ms. Meera Rao is a Senior Director Product Management focusing on DevOps solutions at Synopsys, Inc. Ms. Meera has over 20 years of experience in software development organisations in a variety of roles including Architect, Lead Developer, Project Manager, and Security Architect.
Ms. Meera has been working as a trusted adviser to Fortune 500 companies helping them achieve realistic goals for practical CI/CD & DevSecOps. She advises organisations in defining, implementing, maturing, scaling and measuring DevSecOps.
She is very passionate about getting more women working in the technology industry. Meera was awarded the SecDevOps Trailblazer award from SecuritySerious in London in 2018.