There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery.The ultimate goal is speed — how fast you can scan a new deployment. There are, of course, many barriers that will slow things down, including these:Probely is among the security companies looking to help security teams move the needle via its web application and API vulnerability scanners, which scans and exposes vulnerabilities and provides a report of the findings with detailed instructions on how to fix them.Probely CEO Nuno Loureiro and CTO Tiago Mendo joined AppSec Security Weekly to discuss the challenges of integrating a Dynamic Application Security Testing (DAST) scanner in DevSecOps and how to make the experience easier and more efficient.
Among the tips they offered:This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them and click here for the full episode!
- Some scans run in blocking mode, which takes more time.
- Running scans from dev environments tends to be slower because systems are lower-performance and may not be able to support faster scans.
Among the tips they offered:
- Doing tailored scans for specific needs, which can run more quickly
- Using tools that can identify tech stacks in use and narrow scans to just these
- Conducting partial and incremental scans that will keep the process moving and avoid bottlenecks
- Scoping down to specific endpoints and routes



