Automated solutions replace static and dynamic security testing in DevOps
In 2019, more than 70% of enterprise DevOps initiatives will have incorporated automated security vulnerability and configuration scanning, says research firm Gartner. Traditional static or dynamic application security testing is too heavyweight and complex, and won't work or scale for DevSecOps. As an earlier study already found, production applications contained at least one OSS (open source software) component with known security flaws classified as "severe" or "critical."
Gartner recommends making OSS software module identification, configuration and vulnerability scanning a short- and mid-term priority.
Current figures on vulnerabilities in downloads such as Maven are given in the Gartner report "DevSecOps: How to Seamlessly Integrate", available for download from our partner Sonatype here.