How to Do DevSecOps, According to Gartner

Gartner has published a new guide for enterprises looking to use DevSecOps approaches that incorporate security into DevOps. According to the report, “In the past 12 months at Gartner, how to securely integrate security into DevOps — delivering DevSecOps — has been one of the fastest-growing areas of interest of clients, with more than 600 inquiries across multiple Gartner analysts in that time frame.” It suggested enterprises take the following 10 steps if they want to be successful with DevSecOps:

  1. Adapt your security testing tools and processes to the developers, not the other way around.
  2. Quit trying to eliminate all vulnerabilities during development.
  3. Focus first on identifying and removing the known critical vulnerabilities.
  4. Don’t expect to use traditional DAST/SAST without changes.
  5. Train all developers on the basics of secure coding, but don’t expect them to become security experts.
  6. Adopt a security champion model and implement a simple security requirements gathering tool.
  7. Eliminate the use of known vulnerable components at the source.
  8. Secure and apply operational discipline to automation scripts.
  9. Implement strong version control on all code and components.
  10. Adopt an immutable infrastructure mindset.
