Shifting Left and Automating Code Review

TechSpective Podcast Episode 112

In 2000, Marc Andreessen noted that software is eating the world. Fast forward a couple of decades, and I think it’s fair to say he wasn’t wrong.

Now that pretty much everything is code, and there are billions upon billions of lines of code, it is also more important to identify and resolve issues in the code to prevent or remove vulnerabilities and flaws that might be exploited.

The evolution from Waterfall to Agile to DevOps has dramatically accelerated the development lifecycle. It has also elevated the need for security to “shift left”–to incorporate security and code review earlier in the development process. Code review needs to be woven throughout the development lifecycle rather than treated as a task performed at the “end” of development. To be fair, with DevOps principles and software development today, there is no “end.” It’s a self-feeding cycle.

Florian Noeding, Principal Security Researcher at Adobe, joins me on this episode to talk about Project Kodiak–an Adobe initiative that automates code review. We talk about the concept of security-as-code, or quality-assurance-as-code, and the benefits of automating code review.

Check out the full episode to hear more about the need to “shift left” and how automating code review streamlines development and helps ensure that code that goes into production is more secure.

The podcast itself is audio-only, but the video of our conversation is also available on YouTube if you prefer.

Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.

If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.

Tony Bradley: I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Twitter, Facebook, Instagram and LinkedIn.