That’s far from being an exhaustive list—there are many other free tools you can use within your CI/CD pipelines, but it’s a good start depending on the type of code you’re writing. This doesn’t mean you’re exempt from fixing the findings from penetration testing. However, the automation tools you integrate can help cut down on the vulnerabilities discovered in those post-release assessments without hindering your deployments. Research consistently shows that vulnerabilities discovered late in the development process drive up cost and risk, so stay ahead of the curve.



WHAT ABOUT ALL THOSE OTHER THREATS?

There are, of course, security threats that are beyond your control. There will be vulnerabilities that no tools within your automation chain are going to catch or fix. Continuously updating your paved road (gold image) to the latest secure version may be an admirable goal, but in reality, it requires time and effort to test each configuration—and that takes more resources than what we listed above.

Adding an extra level of protection to the mix is a no-brainer, and even more so if you don’t have the expertise to run the tools listed above. F5 Essential App Protect, a cloud-native SaaS offering, proactively shields your web-facing apps. It serves as a catchall for application attacks such as Cross-Site Scripting (XSS) or injection that exploit production vulnerabilities. It also protects against known malicious IP addresses and active attack campaigns identified by the F5 Labs threat intelligence team.