Stopping builds when a vulnerability is detected should be a basic component of CI/CD and DevSecOps. It helps ensure compliance, but it is also a major shift from how things are done now. Consequently, it can be a major source of frustration to developers. After all, all of their hard work is about to be unleashed in all of its glory to the world and the new system halts it in its tracks. It can be another source of frustration "brought on by security."
This is a reality of culture change and something that must be managed to be successful in implementing DevOps in an organization. Ramping up new processes and allowing team members to see the value to them and the organization as a whole facilitates a successful culture change.
from DZone.com Feed http://bit.ly/2vqYKMD
No comments:
Post a Comment