DevSecOps Process and Methodology: How to Optimize Your DevSecOps Approach
Keeping mission-critical SAP applications secure and available is essential to your organization. Constant change can result in code quality and security issues. Oftentimes in SAP, we see 1.1 critical security vulnerabilities per 1000 lines of custom code. Considering that over the last 10 years we have seen an average of more than 2 million lines of custom code, with the largest system at over 80 million lines of custom code, this means that there will most likely be thousands of critical security vulnerabilities. As a result, a lot of manual effort is spent reviewing custom code and transports before putting them into production.
This peer-to-peer review is very time consuming and never complete, as nobody can fully know what all the different types of security vulnerabilities and quality issues look like. With regard to transports, we also have to consider all the other objects in a transport, which can introduce security vulnerabilities or break business functionality in production. It is important to identify opportunities to optimize your DevSecOps approach to ensure your mission-critical applications are not compromised. Shifting quality, security and compliance testing further left is vital to maintaining SAP application integrity and optimization. Identifying and fixing issues early in development helps ensure application availability and avoids costly repairs and downtime in production. Besides giving developers and basis people the tools to enable this shift-left approach, it is also important to build in automation that validates the security and quality of custom code and transports before they are released and imported into production. This takes away the uncertainty for release managers and basis people and gives them the guidance and visibility to know ahead of time what functionality might break in production.
I am speaking on the DevSecOps process at SAPTechEd happening December 8-10th, and although this year will be virtual the importance remains the same. The session is perfect for developers, security experts, basis people and architects that are looking to ensure application availability. Learn more here, or check out our interactive opportunities during the show here.