What Is Continuous Integration and How Does It Work? | Synopsys

Definition

Continuous integration (CI) is a development practice where development teams make small, frequent changes to code. An automated build verifies the code each time developers check their changes into the version control repository. As a result, development teams can detect problems early. Continuous integration is the first part of CI/CD, a practice that enables application development teams to release incremental code changes to production quickly and regularly.

The goal of continuous integration

According to InfoWorld, the goal of CI is “to establish a consistent and automated way to build, package, and test applications, leading to better software quality.” Paul Duvall, co-author of “Continuous Integration: Improving Software Quality and Reducing Risk,” notes that CI best practices include:

  • Frequent code commits
  • Developer test categorization
  • A dedicated integration build machine
  • Continuous feedback mechanisms
  • Staging builds

The Top Three Ways to Build Security into DevOps

This eBook details three ways of achieving security with speed. 

  • Run the right test at the right time and to the right depth
  • Align remediation efforts with business risks
  • Empower developers to secure code as fast as they write it  

How to secure continuous integration

CI/CD focuses on speed in the software development and deployment process. Security traditionally does not. The challenge is to secure CI without affecting the speedy delivery of software. That’s where DevSecOps comes in. DevSecOps builds on the idea that “everyone is responsible for security,” with the goal of distributing security decisions across the team at speed, without sacrificing the safety required.

Static application security testing (SAST) is a testing methodology that analyzes source code to find security vulnerabilities that make your organization’s applications susceptible to attack. Because SAST takes place very early in the software development life cycle (SDLC), it helps developers identify vulnerabilities in the initial stages of development and quickly resolve issues without breaking builds or slowing the path to the final release of the application.

Similarly, software composition analysis (SCA) helps organizations build application security into their CI/CD pipeline. SCA identifies and manages, early in the pipeline, the risk introduced by the open source and third-party code used in applications and containers.
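As an added illustration of the gating described above (example code, not Synopsys code, and tied to no particular scanner): a small Python build gate that fails only on new SAST or SCA findings at or above a chosen severity, so findings already tracked in a baseline do not block every frequent, small commit. The finding shape, rule names and package coordinates are constructed assumptions.

```python
"""CI security gate: fail a build only on *new* SAST/SCA findings at or above a
severity threshold, so frequent small commits are not blocked by pre-existing debt."""
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    tool: str      # "sast" or "sca"
    rule: str      # rule id or vulnerability identifier (hypothetical values below)
    location: str  # file path or package coordinate
    severity: str  # one of SEVERITY_RANK

    def key(self) -> tuple:
        # Identity used for baseline matching; severity is excluded so a
        # re-rated finding is still recognised as already known.
        return (self.tool, self.rule, self.location)


def gate(findings, baseline, threshold="high"):
    """Return (passed, blocking): blocking lists new findings at or above threshold."""
    min_rank = SEVERITY_RANK[threshold]
    known = {f.key() for f in baseline}
    blocking = [
        f for f in findings
        if f.key() not in known and SEVERITY_RANK[f.severity] >= min_rank
    ]
    return (len(blocking) == 0, blocking)


# Constructed sample scanner output; identifiers are placeholders, not real advisories.
BASELINE = [
    Finding("sast", "sql-injection", "app/db.py:42", "high"),
    Finding("sca", "EXAMPLE-VULN-0001", "pkg:npm/left-pad@1.0.0", "medium"),
]
CURRENT_SCAN = [
    Finding("sast", "sql-injection", "app/db.py:42", "high"),               # pre-existing
    Finding("sast", "hardcoded-secret", "app/config.py:7", "critical"),    # new, blocks
    Finding("sca", "EXAMPLE-VULN-0002", "pkg:pypi/requests@2.0.0", "low"),  # new, below threshold
]

if __name__ == "__main__":
    passed, blocking = gate(CURRENT_SCAN, BASELINE)
    for f in blocking:
        print(f"BLOCKING {f.tool} {f.severity}: {f.rule} at {f.location}")
    raise SystemExit(0 if passed else 1)  # non-zero exit fails the CI job
```

Lowering the threshold to "low" turns the new SCA finding into a blocker as well, while the baseline-matched SAST finding never does.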
