Definition

Continuous integration (CI) is a development practice where development teams make small, frequent changes to code. An automated build verifies the code each time developers check their changes into the version control repository. As a result, development teams can detect problems early. Continuous integration is the first part of CI/CD, a practice that enables application development teams to release incremental code changes to production quickly and regularly.

The Top Three Ways to Build Security into DevOps

This eBook details three ways of achieving security with speed.

  • Run the right test at the right time and to the right depth
  • Align remediation efforts with business risks
  • Empower developers to secure code as fast as they write it

The goal of continuous integration

According to InfoWorld, the goal of CI is “to establish a consistent and automated way to build, package, and test applications, leading to better software quality.” Co-author of “Continuous Integration: Improving Software Quality and Reducing Risk” Paul Duvall notes that best practices of CI include:

  • Frequent code commits
  • Developer test categorization
  • A dedicated integration build machine
  • Continuous feedback mechanisms
  • Staging builds
How to secure continuous integration

CI/CD focuses on speed in the software development and deployment process; security traditionally does not. The challenge is to secure CI without slowing the delivery of software. That’s where DevSecOps comes in. DevSecOps builds on the idea that “everyone is responsible for security,” with the goal of safely distributing security decisions at speed without sacrificing the required level of safety.

Static application security testing (SAST) is a testing methodology that analyzes source code to find security vulnerabilities that make your organization’s applications susceptible to attack. Because SAST takes place very early in the software development life cycle (SDLC), it helps developers identify vulnerabilities in the initial stages of development and quickly resolve issues without breaking builds or slowing the path to the final release of the application.

Similarly, software composition analysis (SCA) helps organizations build application security into their CI/CD pipeline. SCA provides a comprehensive solution for early management of risk that comes from the use of open source and third-party code in applications and containers.
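As an added example (not code from the original page or from any vendor tool), the following Python sketches the policy this section describes: choose which scans a commit triggers, then gate the build only on new findings at or above a severity threshold, so SAST and SCA can run in CI without breaking builds over pre-existing issues. The finding format, file names and the advisory id are constructed placeholders.

```python
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
MANIFESTS = ("requirements.txt", "package-lock.json", "go.sum", "pom.xml")

def select_scans(changed_files):
    """Right test at the right time: run SCA only when a dependency manifest
    changed, and SAST whenever application source changed."""
    scans = set()
    for path in changed_files:
        if path.rsplit("/", 1)[-1] in MANIFESTS:
            scans.add("sca")
        else:
            scans.add("sast")
    return scans

def finding_key(finding):
    # Stable identity used to diff against the baseline: rule (or advisory id),
    # file and line. Severity is excluded so a re-rated finding is not "new".
    return (finding["rule"], finding["file"], finding["line"])

def gate(findings, baseline, threshold="high"):
    """Return (passed, new_blocking). The build fails only when the commit
    introduced a finding absent from the baseline at or above the threshold,
    so pre-existing debt does not block every merge."""
    known = {finding_key(f) for f in baseline}
    min_rank = SEVERITY_RANK[threshold]
    new_blocking = [f for f in findings
                    if finding_key(f) not in known
                    and SEVERITY_RANK[f["severity"]] >= min_rank]
    return len(new_blocking) == 0, new_blocking

# Constructed sample data (not real tool output): the baseline from the last
# main-branch scan, and what SAST + SCA reported for the current commit.
BASELINE = [
    {"rule": "sql-injection", "file": "app/db.py", "line": 42, "severity": "high"},
]
CURRENT = [
    {"rule": "sql-injection", "file": "app/db.py", "line": 42, "severity": "high"},
    {"rule": "hardcoded-secret", "file": "app/cfg.py", "line": 7, "severity": "medium"},
    # "ADV-0000-EXAMPLE" is a placeholder advisory id, not a real identifier.
    {"rule": "ADV-0000-EXAMPLE", "file": "requirements.txt", "line": 3, "severity": "critical"},
]

if __name__ == "__main__":
    print("scans:", sorted(select_scans(["app/cfg.py", "requirements.txt"])))
    passed, blocking = gate(CURRENT, BASELINE)
    print("passed:", passed, "new blocking:", [f["rule"] for f in blocking])
```

Lowering `threshold` to "medium" would also block the new hardcoded-secret finding; the pre-existing SQL injection finding is reported but never blocks, since it is already in the baseline.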
