In this episode of AppSec Decoded, we discuss how Intelligent Orchestration enables speed and scale in DevSecOps.
DevSecOps requires collaboration between security and development teams to ensure a secure software development life cycle (SDLC). It’s about baking security into every stage of the SDLC to detect defects early on, reducing costs and time to deployment.
The process sounds simple in theory: code is built, vulnerabilities are detected and resolved, and then the code is deployed. But it’s not quite that simple. Add dozens of pipelines, multiple tools, risk policies, new languages and frameworks, and an evolving threat landscape, and you can see why pipelines get bogged down, development teams become overwhelmed with too much information, and vulnerabilities get overlooked.
How do you ensure the software you build is secure without affecting speed and efficiency in your pipelines?
Last week Synopsys announced a new application security orchestration solution called Intelligent Orchestration to address these DevSecOps challenges. It removes a lot of the risk and effort of adding security testing tools into development toolchains and workflows by creating a dedicated application security automation pipeline that runs parallel to build and release pipelines. It uses predefined risk policies to evaluate changes and other SDLC events and then trigger the right security tests at the right time. As a result, development teams receive the information that matters to them, and security teams can ensure compliance with their policies across all pipelines.
In our latest episode of AppSec Decoded, Patrick Carey, director of product marketing, spoke with the Synopsys team responsible for bringing Intelligent Orchestration to market. Hear from Meera Rao, senior director of product management; Simon King, vice president of solutions; and Drew Kilbourne, managing director of North America security consulting, as they discuss how Intelligent Orchestration helps address the challenges DevSecOps teams face and how this innovation is different from other application security test orchestration solutions.