Continuous Integration, visually explained

Oct 2, 2015 18:52 GMT

Continuous Integration (CI) is the practice of regularly submitting code to a central repository, where automated systems check it for compliance with various internal standards. This software engineering practice is widely used in large organizations and for big applications.

The main reason this practice is so popular is that by submitting code and having it tested and checked, developers get quick feedback and bug reports before building more features on top of the existing codebase.

Continuous Integration helps developers avoid dealing with tangled-up code and establishes good working practices by putting code quality ahead of speedy delivery timelines.

Security, on the other hand, and more precisely the security features implemented in the app's own code, is usually left as an afterthought: the final stage before delivering the product or, even worse, "something to fix" after launch.

Making code security an integral part of the CI ecosystem has not yet received the analysis and thought it deserves. Companies should test for common security vulnerabilities while they write the code, not later on.

"Here we describe a concept we use internally, and we are contemplating offering as a feature of Barricade," Jack Leonard from Barricade explains in connection with the company's recent infographic. "We’re happy to show the world how we adapt security concepts to the dev and ops lifecycle instead of forcing the other way around."
