This view allows me to review vulnerabilities before pushing to production, reducing risk.
What is the Merge Request?
This check requires a security team member to approve the merge request to prevent vulnerabilities from merging in.
What are security approval rules?
This scanning tool identifies committed keys in the repository such as AWS or personal tokens.
What is Secret Detection?
The long list of tools I have will not allow me to scale out successfully.
What is Toolchain Tax?
An organization may be coming up on the end of their contract with another security tool.
What is a Renewal?
It costs this much to remediate after production.
What is 30X?
As an organization, I have to check certain dependencies to minimize legal ramifications.
What is License Compliance?
This scanning tool inspects the source code for weaknesses such as memory issues or bad function calls.
What is SAST?
I'm "too far" in this direction if I'm scanning after production.
What is "Too far Right"?
An organization has realized they are managing three different security tools and costs have spun out of control.
What is a Consolidation Effort?
This type of loop in the merge request saves me time and reduces security risk.
What is having "immediate feedback"?
This makes it easier to apply security scans across an organization without setup friction.
What are security execution policies?
This scanning tool can determine security misconfigurations with my cloud settings such as AWS.
What is Infrastructure as Code Scanning?
I'm not sure which applications are vulnerable, or I have to check multiple places.
What is "Lack of Visibility"?
A startup has no security procedures and recently hired a security lead to implement a better security posture.
What is a New Security Initiative?
These two roles have traditionally been siloed when delivering applications.
Who are the "developer" and the "security engineer"?
Developers may try to override their pipeline. The DevOps engineer who oversees testing and deployment will use this type of pipeline to prevent that.
What are compliance pipelines?
This type of text file stores security scanning results, is not human-friendly to read, and is the only way to view results in non-Ultimate tiers.
What is a JSON report?
The developer can be overburdened with many screens and tools to review.
An organization is trying to obtain a new customer and must follow specific procedures.
What are Compliance Requirements?