One DevOps platform can help you achieve DevSecOps
Application security testing (AST) is a fast-moving and important area for software development. DevOps methodologies have spurred the need to integrate testing within the developer’s workflow. GitLab believes the more ingrained AST is in the software factory, the more secure applications will be and the easier it will be for companies to meet compliance demands. We believe our strategic platform approach, where security and compliance are embedded in DevOps from planning to production, provides efficiency and value unmatched by traditional application security vendors.
Gartner® has named GitLab a Challenger in the 2022 Gartner Magic Quadrant™ for Application Security Testing. According to Gartner, “a major driver for the evolution of the AST market is the need to support enterprise DevSecOps and cloud-native application initiatives.” “We are excited to see continued momentum for our unique approach that embeds security into the DevOps workflow,” says Hillary Benson, GitLab director of product management. This is the third year that GitLab has been recognized in the Gartner Magic Quadrant for Application Security Testing. “We believe that our recognition as a Challenger in the Magic Quadrant represents an evolving market understanding of the value of an approach that empowers and enables developers to find and fix vulnerabilities – and the simplicity of leveraging a DevOps platform to do so.” You can read more about the results and download a copy of the report by visiting our commentary page.
GitLab’s complete DevOps platform approach provides the automation needed by DevOps teams, along with the policy and vulnerability management needed by security professionals. GitLab’s Ultimate tier provides an integrated, vetted, and managed set of scanners to meet the security and compliance needs of modern-day application development and cloud-native environments.
A unique approach to AST
We continue to innovate in the application security space. Let’s look at how we’re different from many of the more traditional stand-alone AST technologies. It is these very differences that deliver the benefits of using a single platform for DevOps and security. For example:
We build comprehensive scans into the CI pipeline to enable a more interactive testing environment. This is a unique approach, as others in the category focus their offering on instrumentation-based interactive AST. With GitLab, the developer gets a more complete view of security flaws as they are created, which is when they are most efficiently resolved.
Similarly, while analysts place emphasis on lightweight, spell-check-like SAST features, we have found that these features are less important to GitLab users, again because of our built-in approach. A metaphor may help. We are all accustomed to saving documents frequently so edits are not lost. Developers do the same while editing software: changes are “committed” frequently to the code repository. Upon pushing a commit, GitLab performs a true SAST scan on the code changes, which gives developers instant and more complete feedback. DevOps teams can also enable DAST scanning that uses GitLab’s review app feature to assess changes pre-merge. Likewise, dependencies, containers, infrastructure as code, and more can all be scanned at the push of the commit button.
In addition, GitLab is also keen on providing DevOps teams just-in-time education about vulnerabilities and fixes. Now, via partnerships with Kontra and Secure Code Warrior, GitLab provides developers with crisp training on how to mitigate the specific vulnerability they just created. This helps developers […]
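The commit-time scanning described above, expressed as a .gitlab-ci.yml that enables GitLab's built-in SAST, secret-detection, dependency, container and DAST scanners and points DAST at a review app before merge. This is an added example, not configuration from the post or from GitLab's documentation; the image build step, the deploy-review.sh script and the review.example.com URL scheme are assumptions standing in for a project's own deployment.

```yaml
# Added example (not from the post): run GitLab's built-in scanners on every
# push, and run DAST against the merge request's review app before merge.
# deploy-review.sh and review.example.com are hypothetical stand-ins.

stages:
  - build
  - test      # SAST, secret detection, dependency and container scanning run here
  - review
  - dast      # the DAST template expects a stage with this name

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml

# Build and push the image under the name the container-scanning template
# scans by default ($CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA).
build-image:
  stage: build
  image: docker
  services:
    - docker:dind
  script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA"

# Deploy a per-branch review app for merge requests only.
# The deployment script and URL scheme are assumptions.
deploy-review:
  stage: review
  script:
    - ./deploy-review.sh "$CI_COMMIT_REF_SLUG"
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    url: https://$CI_COMMIT_REF_SLUG.review.example.com
  rules:
    - if: $CI_MERGE_REQUEST_IID

# Override the template's dast job so it waits for the review app and
# scans that deployment rather than a shared staging host.
dast:
  needs:
    - deploy-review
  variables:
    DAST_WEBSITE: https://$CI_COMMIT_REF_SLUG.review.example.com
  rules:
    - if: $CI_MERGE_REQUEST_IID
```

With this in place, every push runs the static scanners in the test stage and surfaces new findings in the merge request, while the DAST job only runs for merge requests, after the review app is up, so the dynamic results also land pre-merge. Each scanner can still be tuned or disabled through its template's documented variables rather than by editing the included jobs.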
