DevSecOps
Posted on October 11, 2018
by Ernesto Garbarino
DevSecOps is a paradigm in which development, security and operations staff form a single team, with no hand-off process between them. Informally, DevSecOps embeds CI/CD practices and tooling.
Fortify Static Code Analyzer: Fortify checks code written in most major languages (Java, C#, JavaScript, Swift, C, etc.) for security vulnerabilities.
SonarQube: SonarQube checks code written in most major languages for code smells, bugs and security vulnerabilities.