For the last several years, GitLab has run a major survey about the trends facing the DevSecOps community. This year over 4,000 people responded to the survey, 40% of whom identified as a Software Developer / Software Engineer. Also, about half of the survey participants are based in Asia, a major region for Software Developers. One of the biggest trends you will find throughout the survey is how much developers value speed and efficiency.
Security is hard to get right in a world of continuous delivery and containers. The increasingly diverse technology landscape and relentless speed of innovation afford us no time to step back and take stock of our risks, and even less time to perform remediation. In the past, we could perform point-in-time security audits, which was OK when our systems were mostly static, save a quarterly release. But that’s not the world we live in today.
DevOps vs DevSecOps: Learn the similarities and differences of each agile methodology and the essential processes involved.
Let’s take a moment and think about security in your organization. Security is often separate from other engineering teams such as development, operations, networking, IT, and so forth. If you narrow down your focus to specifically releasing new software or features and functions in existing software, you’ll find that while development and operations are working together very quickly and efficiently, they’re still vaulting these functions and features over to security.
Unifying three distinct teams—development, security, and operations—around a common approach to get application releases to production is challenging. This post explores how Tanzu Labs partnered with a major branch of the Department of Defense (DoD) to build an automated DevSecOps process using VMware Tanzu and several open source tools.