
How Coder fits into your DevSecOps Initiative

By John Andrew Entwistle
03.17.2020

Over the years, DevOps best practices have driven IT innovation for large organizations, shortening the development life cycle.

Every year, organizations face IP theft, breaches, and insider threats. These challenges drive a focus on security within the DevOps pipeline. DevSecOps serves as an extension to DevOps by addressing security risks and vulnerabilities throughout the software development life cycle. As organizations adopt DevSecOps within their software development teams, it is essential to empower their data scientists and software engineers with the right tools to maintain consistent, secure, and performant development environments.

Coder acts as the first foundational step in an organization’s DevSecOps pipeline by providing developers with a productive, consistent, and secure development environment. With DevSecOps best practices, infrastructure templates are source controlled, container images and source code are automatically scanned for vulnerabilities, and services are scaled elastically in real time. However, the development environment still runs on the user’s isolated endpoint, which limits the resources available for tasks and adds security overhead, because the intellectual property on each user’s endpoint has to be protected.

Furthermore, the development environment isn’t being source controlled like the infrastructure is in DevSecOps. This makes it difficult and time-consuming for new engineers or engineers switching projects to get their machine in the correct state to work on an application or data set. The engineer has to install the correct version of the project’s programming language, frameworks, and tooling just to start contributing. This installation and setup process is error-prone, very difficult in zero-trust environments, and creates onboarding overhead for development teams.

With Coder, the development environment fits into the DevSecOps pipeline alongside the rest of the development workflow. All development actions and source code are centralized on an organization’s internal infrastructure. This allows engineers to use elastic compute resources to complete tasks, while also reducing the security overhead of the organization by keeping all intellectual property inside the centralized infrastructure. Coder works seamlessly within the most restrictive air-gapped environments, providing productivity in a zero-trust environment for software engineers and data scientists.

Each development environment is created from an image that is defined by the team. These images contain all of the required software dependencies to get started working on a project immediately, thus removing any installation and setup onboarding overhead. These image definitions can also be source controlled, providing an organization with “development environments as code”, similar to how “infrastructure as code” is currently used in a DevSecOps pipeline. This functionality allows for productivity and security to be in harmony, bringing the development velocity of a startup to the enterprise.


How Coder fits into your DevSecOps Initiative was originally published in Coder on Medium, where people are continuing the conversation by highlighting and responding to this story.
