SAST and SCA Complemented with Dynamic Observability for CVE Prioritization

Over the past years, the adoption of Agile and DevOps has grown, and with it we have seen the rise of DevSecOps. This practice recommends shifting left: testing for and remediating security vulnerabilities as early as possible in the SDLC. While the idea is sound, and many types of security testing tools have emerged, developers who are not security experts find that locating the needle in the haystack while using such tools is both a challenge and a delay to the overall release cycle.

The tool stack available today for developers and security engineers to run security tests consists of SAST, DAST, and SCA. These are powerful and largely automated tools, but they share a significant limitation: they flood developers with large volumes of security findings, false positives, and other noise, with little indication of which issues actually matter.

This article has been indexed from DZone Security Zone