Add Security Testing Tools to Your Delivery Pipeline
Developing a delivery pipeline means more than just adding automated deploys to the development cycle. To be successful, quality testing of all types must be incorporated throughout the process to ensure that problems aren’t slipping through. Those checks must include security, or you risk developing insecure software. Fortunately, the delivery pipeline opens up opportunities to add more security testing to the delivery process. Continuous integration builds can add static analysis tools to test for simple security errors and check if components with known vulnerabilities are being used. Gene Gotimer introduces several types of open-source and free security testing tools, that can be quickly added to a delivery pipeline. Security tools reduce the initial investment of both time and money, and help eliminate some barriers to adding security testing to the process.