Shift left approaches to software development can lead to enhanced software security without creating more work for developers. These initiatives are made possible in large part by workflow integration. Workflow is a big part of software development, because when it’s automated, workflow is what enables teams to complete tasks more quickly and increase efficiency and accuracy.

Nissan North America learned a painful lesson when the source code for its mobile apps and internally developed tools leaked online after the company misconfigured one of its Git servers. The Git server was left exposed to the internet because it used its default username and password of admin/admin, one of its engineers said.

The term “shift left” refers to software development and the concept of taking a task that’s typically done at a later stage of the process and performing it at earlier stages. This is increasingly done when it comes to testing software code. Shift left can also apply to security, and baking security into the software development lifecycle (SDLC).

CI/CD is a method to regularly deliver applications to customers by introducing automation into the stages of software development. It’s where organizations integrate all of the processes that go into delivering software. The main concepts attributed to CI/CD are continuous integration, continuous delivery, and continuous deployment. But the CI/CD pipeline can also be a target of exploits and compromise.

If you’re looking at things from the development side, the motto when working to build software products would be “ship it”—get it out the door and into the hands of users as soon as possible. From the perspective of the security team, the maxim would be “secure it”—make sure the code is as free of vulnerabilities as possible and is ready for safe use before it ever reaches users.

For the month of April, we are kicking off a series of posts here at Rezilion to celebrate our new partnership with GitLab. Our theme is: Secure it. Ship it. Why? Because the GitLab CI and Rezilion partnership is the answer to meet the needs and demands of modern developers and security teams who want to both innovate quickly and ensure the products they create are secure.

By: Ofri Ouzan, Security Researcher, Rezilion

The recently discovered flaw in Apache’s popular open source logging library for Java, Log4j, could wreak havoc for years to come. Analysts are predicting it could take as long as five years to finish patching related security flaws because of the widespread adoption of the logging library and the complexity involved in maintaining third-party software libraries.

In a key step to resolve the longstanding tension between developers and security teams, Rezilion and GitLab are partnering on an important integration to address those needs. This integration helps developers detect and remediate vulnerabilities early on in the development without adding extra work and steps and release products quickly and securely. Deployed in minutes, Rezilion’s DevSecOps platform is now natively integrated with GitLab CI.