Federal agencies often use open-source and third-party software components in development, which saves time and money while supporting the rapid release cycles favored by modern agile and DevOps practices.
GovTechWorks reports that agencies can use automated tools to make sure open-source and third-party components are secure and functional.
From the article:
“Automation is key to agile development,” says Matthew Zach, director of software engineering at General Dynamics Information Technology’s (GDIT) Health Solutions. “The tools now exist to automate everything: the builds, unit tests, functional testing, performance testing, penetration testing and more. Ensuring the code behind new functionality not only works, but is also secure, is critical. We need to know that the stuff we’re producing is of high quality and meets our standards, and we try to automate as much of these reviews as possible.”
Read the full article: Automation critical to securing code in an agile, DevOps world | GovTechWorks