The DevOps Security Sweet Spot
Pull requests are the ideal trigger for your first security scanning. If you’re finding known static code vulnerabilities in production, then you’re finding them too late. On the other hand, if you’re inserting code analysis into developer IDEs, it’s too early. While in theory the IDE is the earliest spot for security feedback, in practice it slows down the developer’s machine and comes at a huge cost to productivity.
Report Snapshot
- While pull requests are an ideal first touchpoint for security scans, by no means should they be the only touchpoint. There is no “silver bullet” when it comes to security testing.