In an industry full of acronyms and buzzwords, the term “shift left” surfaced as a result of organizations waiting to perform software security testing until the end of the development process. The problem here is that the industry still tends to think of developing, testing, and delivering software as if someone were reading a book in English, from left to right. If you’re testing your software to detect security vulnerabilities near the end of the process (on the right), the recommendation is to “shift your testing farther to the left” and perform security testing sooner within the development process itself. However, shift left makes very little sense overall, since DevOps is not linear like the Waterfall software development methodology. DevOps is circular, as depicted in the figure below.
DevOps really doesn’t have a left or right in comparison to the more linear processes used in the past. Sure, Dev is on the left and Ops is on the right, but DevOps is more like a figure-8 infinity loop that has no beginning and no end. The Dev process never stops, and neither does the Ops process. If someone were to shift left in the figure above, where is “left”? A better recommendation would be to shift center and add application security testing solutions throughout the entire Dev process. Here is an analogy that may help make better sense of the notion of shift left and why it really doesn’t fit in DevOps.
Why “Shift Left” in DevOps is really “Shift Center”
By Stephen Gates, April 8, 2020
About the Author
Stephen Gates
Stephen Gates is an experienced writer, blogger, and published author who brings 15+ years of hands-on knowledge in information security to the Checkmarx team. Stephen is dedicated to conveying facts, figures, and information that bring awareness to the cybersecurity issues all organizations and consumers face. Aligning with Checkmarx's mission of improving software security for all organizations, he is an advocate and promoter of their solutions worldwide.