DevSecOps - Integrating Static Application Security Tools (SAST) in DevSecOps

January 21, 2020

Teams are continuously trying to improve their tools, methodologies and processes. This is where DevOps sprouted from: the combination of software development and systems operations, so that software is not developed in a vacuum but in collaboration with the teams that operate these systems in the real world.

The next step in this improvement of software development methods is DevSecOps, where security is included as a critical part of the development process. The realization here is that a security failure is as bad as a quality failure, or worse. Defects in fielded products impact the bottom line as well as company reputation. It is even worse if a review after the fact determines that these defects could easily have been avoided.

This paper takes a look at the role of static application security testing (SAST) tools, and in particular GrammaTech CodeSonar, and how they can be used in DevSecOps and continuous development pipelines to improve quality and security and, ultimately, make teams more competitive in getting market-leading solutions out the door quicker.
