DevSecOps is the practice of having the development, security, and operations teams work together to introduce security and testing much earlier in the software development lifecycle. In the DevSecOps domain, “Shift left” is a commonly used term for addressing problems such as delays and increased costs.
But with everyone saying “Shift left,” we will see what exactly is meant by “Shift left security” and “Shift left testing” in this blog post:
Shift left testing: A typical software development life cycle might involve these stages:
- Requirement analysis
In the traditional waterfall software development model, testing was always done at the end of the SDLC. This meant that bugs would be caught only at the end of the SDLC, which ultimately delayed production and was very expensive for the business itself.
According to research published by Ponemon in 2017, the cost of discovering and fixing a bug was $80/bug in the development phase and $7600/bug if it was discovered and fixed after it went to production.
By shifting testing to the left, the developers become more entwined with the testing process. They will be able to catch the problems faster in the SDLC process and rectify them sooner, which will speed up production.
The advantages of a “shift left testing” approach are automated testing, faster delivery of applications, and reduced costs.
Shift left security: “Shifting security” to the left is one of the ways in which DevSecOps principles can be implemented successfully. In earlier times, security was always an afterthought and was introduced at the last stage. When this happened, there was always discord between the development team and the security team, which resulted in delays and insecure software. Introducing security during the design phase of the SDLC ensures that secure software is delivered in a shorter time frame.
Developers are given appropriate tools to automate security into their work so they do not have to do any additional work. In addition, they are also taught secure coding practices to be applied to their development practices. In a “Shift security left” approach, security best practices are applied at all stages of SDLC.
Some of the tools and technologies used to shift security to the left are SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), SCA (Software Composition Analysis), and RASP (Runtime Application Self-Protection).
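As an added illustration (not part of the original post), here is a minimal GitHub Actions workflow that runs SAST and SCA on every pull request so that findings block a merge instead of surfacing in production. It assumes a Python project with a requirements.txt at the repository root, and uses Semgrep and pip-audit as stand-ins for whichever SAST and SCA tools a team has chosen.

```yaml
# Added example: CI workflow that applies "shift left security" gates on every change.
# Assumptions: Python project, requirements.txt at the repository root.
name: shift-left-security

on:
  pull_request:
  push:
    branches: [main]

jobs:
  sast:
    # Static Application Security Testing on the source being merged.
    runs-on: ubuntu-latest
    container:
      image: semgrep/semgrep
    steps:
      - uses: actions/checkout@v4
      # --config auto picks community rules for the languages detected;
      # --error makes the job exit non-zero (and the check fail) on any finding.
      - run: semgrep scan --config auto --error

  sca:
    # Software Composition Analysis of third-party dependencies.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      # pip-audit exits non-zero when a pinned dependency has a known vulnerability.
      - run: |
          python -m pip install --upgrade pip pip-audit
          pip-audit -r requirements.txt
```

Marking both jobs as required status checks in the repository's branch protection rules turns them into an enforced gate rather than an advisory report.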
We have seen what is meant by “Shift left” in the DevSecOps domain in this post. Join us as we uncover more about DevSecOps concepts in future posts!