Using one monolithic pipeline for both CI/CD and security (SAST/DAST/SCA) is very common, but maintaining a single pipeline to take care of all security needs is becoming an anti-pattern. Security slows down CI/CD and creates friction between Sec and Dev needs. Creating a completely separate (shadow or parallel) pipeline for DevSecOps needs seems to be working very well for big enterprises.