Software Engineering Institute

DevOps practitioners often omit security testing when building their DevOps pipelines because security is often linked with slow-moving business units and outdated policies. However, security plays an important role in the software development lifecycle and must be addressed in all applications. Incorporating security into different stages of the DevOps pipeline will not only start to automate security but also allow your security process to become traceable and easily repeatable. Kontostathis of the CERT Secure Lifecycle Solutions Team presents two common tools that can be used during deployment that allow for automated security tests: Gauntlt and OWASP Zed Attack Proxy (ZAP). The bulletin includes a link to the blog post.

In This Issue

• Nominations Open for Linda M. Northrop Software Architecture Award
• SEI Podcast Series: An Interview with Grady Booch
• SEI Blog: Adding Security to Your DevOps Pipeline
• Events: SEI Architecture Technology User Network (SATURN) Conference Registration Open
• SEI Jobs
• Training Opportunities