DevSecOps Message House
Messaging for DevSecOps use case showing positioning, promise, key values.
Positioning Statement: | Simplify and scale security and compliance while adding visibility and control |
---|---|
Short Description | GitLab automates robust application security scanning, embedded within CI, to help you align your security program to the DevOps development process. Automated security and compliance policies help developers go fast while managing software risk. |
Long Description | The complexity of integrating security is one of the biggest challenges facing DevOps. GitLab simplifies DevSecOps efforts and improves compliance, by embedding robust security capabilities for both the developer and the security pro into one end-to-end DevOps platform. The DevOps platform approach improves visibility and control across the entire software factory. |
Key-Values | Simpify governance of your software factory for security and compliance | Scan every code change before it leaves the developer’s hands, simplifying and even automating remediation | Embed security, don’t just integrate it |
---|---|---|---|
Promise | End-to-end visibility and control with guardrails for security policies and common controls for compliance. | Use automation to find and fix security flaws within the developer’s native workflow, providing clear accountability so developers know exactly what risk they introduced. | A single application for both the developer and security can avoid costly maintenance while providing a single source of truth for better collaboration. |
Pain points | Protect the integrity of your software | Eliminate costly triaging and tracking of vulnerabilities that can be fixed at their source. | Stop managing complex tool chain plug-ins and fragile automation scripts. |
Why GitLab | The platform approach enables comprehensive insight for who changed what, where, when for software and infrastructure-as-code | Robust security scans embedded within GitLab CI, including SAST, DAST, Dependency, fuzz testing, API fuzzing, and Container scanning, along with License Compliance and Secrets Detection | The Security Dashboard and Vulnerability Report provides insights security pros need, showing remaining vulnerabilities across projects and/or groups, along with actions taken, by whom and when. |
| Proof points | Chorus uses GitLab for SAST… | Glympse auditors love the transparency GitLab provides.
Last modified June 27, 2024: Fix various vale errors (
46417d02
)