Gartner Research

12 Things to Get Right for Successful DevSecOps

Published: 19 December 2019

Summary

Integrating security into DevOps to deliver DevSecOps demands changed mindsets, processes and technologies. Security and risk management leaders must adhere to the collaborative, agile nature of DevOps for security testing to be seamless in development, making the “Sec” in DevSecOps transparent.

Included in Full Research

Introduction

Key Challenges

Analysis

Gartner Recommended Reading

Adapt Your Security Testing Tools and Processes to the Developers, Not the Other Way Around
Quit Trying to Eliminate All Vulnerabilities During Development
Focus First on Identifying and Removing Known Open-Source Vulnerabilities
Don’t Expect to Use Traditional DAST/SAST Without Changes
Train All Developers on the Basics of Secure Coding, but Don’t Expect Them to Become Security Experts
Adopt a Security Champion Model and Implement a Simple Security Requirements Gathering Tool
Secure and Apply Operational Discipline to Automation Scripts and Infrastructure Security Posture
Implement Strong Version Control on All Code and Components
Implement Secrets Management
Adopt an Immutable Infrastructure Mindset
Rethink How Service Delivery Incidents — Including Security — Are Handled
Use Dynamic Access Provisioning for Developers in DevSecOps

Overview

Analysts:

Neil MacDonald, Dale Gardner

Access Research

Already a Gartner client?

Just stopping by?

Purchase Document

To view this research and much more, become a client.

Speak with a Gartner specialist to learn how you can access peer and practitioner research backed by proprietary data, insights, advice and tools to help you achieve stronger performance.

Work Email Person Type

By clicking the "Continue" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

Contact Information

All fields are required.

First Name Last Name Phone Country Person Type

Job Title Company Name Job Function

By clicking the "Submit" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

Gartner research: Trusted insight for executives and their teams

What is Gartner research?

Gartner research, which includes in-depth proprietary studies, peer and industry best practices, trend analysis and quantitative modeling, enables us to offer innovative approaches that can help you drive stronger, more sustainable business performance.

Gartner research is unique, thanks to:

Independence and objectivity

Our independence as a research firm enables our experts to provide unbiased advice you can trust.

Actionable insights

Not only is Gartner research unbiased, it also contains key take-aways and recommendations for impactful next steps.

Proprietary methodologies

Our research practices and procedures distill large volumes of data into clear, precise recommendations.

Gartner research is just one of our many offerings.

We provide actionable, objective insight to help organizations make smarter, faster decisions to stay ahead of disruption and accelerate growth.

Tap into our experts

We offer one-on-one guidance tailored to your mission-critical priorities.

Pick the right tools and providers

We work with you to select the best-fit providers and tools, so you avoid the costly repercussions of a poor decision.

Create a network

Connect directly with peers to discuss common issues and initiatives and accelerate, validate and solidify your strategy.

Complementary related insights

Gartner clients can log in to access the full library.

How to Set Practical Time Frames to Remedy Security Vulnerabilities

Gartner Top Security and Risk Trends for 2021

How to Respond to a Supply Chain Attack

Security Operations Primer for 2022

Hype Cycle for Security Operations 2021 | Gartner

Cyber Risk Management and Ways To Optimize Risk | Gartner

The Gartner Top Cybersecurity Predictions for 2023 and Beyond (APAC)

Deploy a Cloud-based SASE Security Offering to Enable Anytime, Anywhere Access

Experience Information Technology conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.

View Conferences

©2022 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.