As applications continue to move online, more companies and development teams are adopting a process of continuous software development and deployment, such as DevOps.
In such an environment, improving code security requires more than just the regular application testing. While there are a number of tools that are built by security vendors that are supporting security professions, developers need a different set of tools when it comes to DevOps and application security, because security must be continuous as well, says Derek Weeks, vice president and DevOps advocate for software-management firm Sonatype.
While many DevOps security tools cost money, developers have a lot of open-source choices as well. Companies do not have to break the bank on services and software to better secure their development process and the code it produces.
Securing code in a DevOps development environment requires managing the software supply chain and checking the security of common components and framew continue reading →