Static application security testing (SAST) involves analyzing source code to identify and address potential security vulnerabilities. Using SAST early in development identifies threats before they can affect a live environment. SAST is particularly important for continuous integration and continuous deployment (CI/CD) pipelines. These pipelines automate the integration of new code changes into the main codebase and deploy applications to production environments.

CircleCI supports GitLab as a version control system (VCS). In this tutorial you will learn how to set up your first CircleCI CI/CD pipeline for a project hosted on GitLab. As GitLab can be used either as a SaaS tool, as well as self-managed on-premise installation, I will cover the steps to connect it with CircleCI for both.

In our article on managing static credentials, we discussed the necessity of secrets — the passwords, tokens, and API keys that connect digital services together — and the importance of keeping them secure so that your infrastructure and data are kept safe from intrusion and misuse. For organizations delivering software at scale, managing credentials across multiple teams and projects can quickly become tedious and error-prone, creating bottlenecks and unnecessary risk.

Cloud CI/CD is a force multiplier for development teams, especially those working remotely. Automated CI/CD takes load off of developers, allowing them to focus on building better products. Hosted CI/CD adds further benefit to this, ensuring that this newfound capacity isn’t spent managing the testing and deployment infrastructure, and that remote team members have easy access to CI/CD tools.

If you’ve worked in a large, security-minded organization, you know how developers’ need for speed often clashes with the organization’s need for security. Often this conflict erupts into a high-stakes battle between two teams with very different priorities and perspectives. Ok, it may not always be so dramatic, but the challenge of control and empowerment is very real.