In the first article in this series we covered the basics. In the second article about the planning process, we covered how developers incorporate security at the beginning of their project. This article explores DevSecOps during the Continuous Integration (CI) phase of the coding process and how to protect the code from supply chain attacks, license issues, and theft. Developers are advised during planning to use secure coding best-practices during the coding process.

For modern IT firms, developing secure software while meeting the market speed and scale needs has always been a paradox. Because of the fear of lagging behind in terms of speed to market, more than 52% of the businesses sacrifice security. That is why adopting DevSecOps and building security into software right from the start becomes an obvious solution. Sooner or later, this strategy is going to conquer the field of software development.

Since President Biden’s Executive Order last spring, the industry has been racing to define, standardise and now produce SBOMs to describe the hundreds of thousands of software products sold to and used by federal government and beyond. So far, little thought has been given to the management of SBOMs in practice. Finding the right SBOMs for all the software an organisation relies upon can already feel like hunting for needles in haystacks.