In this document, we go beyond classical definitions of DevSecOps to express our vision of an emerging collaboration between Developers, AppSec, and Ops teams: the AppSec Shared Responsibility Model.
As presented in our 2022 State of Secrets Sprawl report a single AppSec engineer has to handle more than 3.4K secrets occurrences a year! And this is only considering one type of vulnerability…
This has huge consequences if you want to release secure applications at the DevOps velocity. It means that to embed security controls into the DevOps culture, processes, and tools, you need to reduce friction and break the security silo. This is why application security needs to evolve towards a new shared responsibility model.
Set up pre-commit Git hooks and catch hardcoded secrets before you push your work.
Act on high-fidelity alerts and empower your developers to remediate their own incidents.
Harden your CI/CD pipelines with automated secrets scanning and never deploy a secret again.
GitGuardian has absolutely supported our shift-left strategy. We want all of our security tools to be at the source code level and preferably running immediately upon commit. GitGuardian supports that. We get a lot of information on every secret that gets committed, so we know the history of a secret.
Time to remediation is now in minutes or hours, whereas it used to take days or weeks previously. That's the biggest improvement. Because it is automated and visible to the author, someone from the security team doesn't have to remind them or recheck it. That means the slowdown in the deployment process has definitely been improved by an order of magnitude. There is easily a 30-hour improvement on time to remediation, which is about an 85 percent improvement.