Blogs
Published on
April 26, 2022

Starting Your DevSecOps Journey in 5 Minutes

5
min read
Starting Your DevSecOps Journey in 5 Minutes

WhyWhen

Getting Started

Go to https://scantist.io and sign in with any of your preferred version control services like Github, Gitlab, or Bitbucket.

null

Once in, click on the Projects tab, followed by Manage Projects.

null

You should now see a list of your repositories on the page. Click on the small green ‘plus’ icon next to the repository name to add it as a project and trigger a scan.

In a few short seconds, you should see your results. If you have vulnerabilities, click on the number to view the detailed results.

null

Bonus: Click on the project name, and under Scan Settings enable event-driven scan to trigger a scan every time a new Pull Request or Merge Request is created.

null

And there you have it. You are now covering 60-90% of your application’s total code-base against over 100,000+ known vulnerabilities affecting open-source and third-party components that are most often used to target applications. That wasn’t as hard as you thought, was it?

Next Steps

Now that you have taken the first step to DevSecOps, there are a few additional steps you can take to further improve your application security posture.

Carnegie Mellon University researcher Thomas Scanlon

Github has a few security controls that are readily available to use

open-source application security tools at OWASP

We know most organisations have only just made the exhausting transition to DevOps - or are actually still undergoing that transition. And adding another set of integrations - especially for security in a complex risk landscape - can seem daunting at first. We hope this blog helps make things a little easier and gives you that little push we all need to get started!

Related Blogs

Find out how we’ve helped organisations like you

🌟 Celebrating the Success of NTU Cyber Security Day 2024! 🌟

We are excited to celebrate the successful completion of the 2024 NTU Cyber Security Day!

The Urgent Need for Vigilance in the Software Supply Chain

In an era where digital infrastructure underpins nearly every aspect of our lives, from banking, automotive to healthcare, the integrity of our software supply chain has never been more critical. Recent data from cybersecurity experts paints a stark picture: software supply chain attacks are occurring at an alarming rate of one every two days in 2024. This surge in attacks, targeting U.S. companies and IT providers most frequently, poses a severe threat to national security and economic stability.

An Empirical Study of Malicious Code In PyPI Ecosystem

How can we better identify and neutralize malicious packages in the PyPI ecosystem to safeguard our open-source software?