This sounds great, until he started talking about needing to deploy it to servers and clusters. I really had hoped I could run this in my CI/CD pipeline and stop the build if it finds things.
You can do exactly that. Just run your end-to-end tests within a testing environment instrumented with the IAST agents and stop the pipeline if the IAST agents report any security violation. At least it is as I understood it.
IAST solutions usually have powerful APIs so you can integrate them with CI/CD, ASOC, etc. You should be able to configure pipeline gates that depend on the findings of the IAST tool.
I would like to know which IAST tools I can use in my CI/CD pipeline.
@danilaors Seeker IAST
@danilaors Contrast has a very strong product. Ask your Performance Mgmt / Site Reliability / Operations teams if your company is already using Dynatrace for observability. There's Passive IAST, Runtime SCA, and RASP features in there that can be activated with zero install / configuration / maintenance if already there for observability.