Continuous integration security testing, also called continuous integration (CI), is a software development practice where isolated changes are immediately tested. Then, they are reported on and added to a central repository.
Since this method detects bugs early in development, the bugs are typically smaller and easier to resolve. Continuous Integration Security Testing improves code integrity, leads to more secure software systems, and reduces the time it takes to release new updates. Usually, merging all development versions of the code base occurs multiple times throughout a day.
Continuous Integration and Continuous Delivery (CI/CD) are considered the next gen of DevOps. In a CI/CD environment, it’s common to push code to production several times per week, or even several times per day. Releasing software as quickly as possible puts pressure on developers to just write and release code without checking to see if that code is secure. The need for speed can cause problems throughout the entire SDLC, especially if that code or product has already been “shipped” to the marketplace.