[{"data":1,"prerenderedAt":480},["ShallowReactive",2],{"/en-us/the-source/security/devsecops-the-key-to-modern-security-resilience/":3,"footer-en-us":32,"the-source-banner-en-us":339,"the-source-navigation-en-us":351,"the-source-newsletter-en-us":379,"article-site-categories-en-us":390,"devsecops-the-key-to-modern-security-resilience-article-hero-category-en-us":392,"devsecops-the-key-to-modern-security-resilience-the-source-gated-asset-en-us":416,"devsecops-the-key-to-modern-security-resilience-category-en-us":428,"devsecops-the-key-to-modern-security-resilience-the-source-resources-en-us":440},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"config":8,"seo":13,"content":17,"type":24,"slug":25,"category":5,"_id":26,"_type":27,"title":7,"_source":28,"_file":29,"_stem":30,"_extension":31},"/en-us/the-source/security/devsecops-the-key-to-modern-security-resilience","security",false,"",{"layout":9,"template":10,"articleType":11,"featured":6,"gatedAsset":12},"the-source","TheSourceArticle","Guide","pf-devsecops-the-key-to-modern-security-resilience",{"title":14,"description":15,"ogImage":16},"DevSecOps: The key to modern security resilience","Learn how embedding security in development can slash incident response time by 720x and save millions in security costs annually.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751464323/klfzphlaigbvoxr58a1a.png",{"title":14,"date":18,"description":15,"heroImage":16,"keyTakeaways":19,"articleBody":23},"2025-04-01",[20,21,22],"Security teams can reclaim 78+ hours annually for strategic initiatives by implementing integrated security practices that detect vulnerabilities early in the software development lifecycle, reducing remediation time from 30 days to just 1 hour.","Organizations that embed security requirements into the planning phase reduce new security vulnerabilities in production by 20-25%, avoiding costly breaches and significantly decreasing licensing costs through toolchain 
consolidation.","Automated governance enables a 90% reduction in compliance workload, with audit preparation times decreasing from several weeks to less than one week — all while maintaining high code quality and meeting security standards.","With cyber threats growing more sophisticated and compliance requirements tightening, traditional approaches to secure software development are no longer sufficient.\n\nThe problem isn’t just the expanding threat landscape - it’s how security is conventionally managed. Siloed tools slow down incident response, compliance audits consume valuable resources, and late-stage reviews create bottlenecks. Meanwhile, vulnerabilities slip through the cracks, exposing organizations to potential security breaches.\n\nSecurity professionals have long recognized that vulnerabilities discovered in production can cost approximately 30 times more than those found during development. Beyond the financial impact, these security flaws expose organizations to regulatory fines and reputational damage. The age-old debate between speed and security continues to challenge development teams.\n\n## Integrating security throughout the development journey\nForward-thinking organizations are flipping this narrative by incorporating security measures directly into the developer’s workflow. This approach allows security teams to find, prioritize, and fix vulnerabilities in the same environment where developers write code.\n\nUnlike traditional security testing tools that bolt onto the pipeline, integrated security capabilities eliminate the overhead and context switching that slows teams down. Security teams no longer need to chase developers across disconnected systems, and developers don’t have to pause their work to switch between tools.\n\nBy catching vulnerabilities earlier in the development process, organizations see new security findings in production decrease by 20-25%, reducing the likelihood of costly breaches. 
And when security incidents do arise, response times accelerate dramatically - reducing mean remediation time from up to 30 days to just one hour.\n\n## Addressing modern supply chain vulnerabilities\nThe software supply chain represents an increasingly critical attack vector. High-profile breaches have exposed vulnerabilities lurking in third-party dependencies and open-source components. As organizations increasingly rely on complex ecosystems of libraries, containers, and services, secure coding practices must extend beyond in-house code.\n\nModern security practices must include continuous scanning of dependencies, container images, and infrastructure as code for known vulnerabilities, ensuring every component is secure before reaching production. Software composition analysis becomes essential, providing transparency into third-party dependencies and automating compliance with emerging supply chain security standards.\n\n## Automating compliance without compromising speed\nCompliance is mandatory, but it shouldn’t slow development. As regulatory frameworks become more stringent and security accountability increases, organizations must maintain compliance without impeding innovation.\n\nBy automating governance and integrating compliance checks into CI/CD pipelines, security requirements can be built into every step of development. Automated policies align with industry standards like SOC 2, GDPR, and NIST, ensuring all code meets security standards before deployment.\n\nThis continuous compliance approach eliminates last-minute scrambles to meet regulatory requirements and reduces non-compliance risk. 
Automated evidence collection and detailed audit logs streamline reporting, with organizations reporting a 90% reduction in time spent on compliance tasks.\n\n## Moving forward with confidence\nThe path to secure applications with minimal security vulnerabilities requires a holistic approach that embeds security considerations throughout the software development process. By transforming security from a bottleneck into a competitive advantage, organizations can manage vulnerabilities proactively, secure complex software supply chains, and maintain continuous compliance - all while driving cost savings through toolchain consolidation.\n\nReady to see what a unified DevSecOps approach can do for your organization? Download our comprehensive guide to discover how organizations can save millions in security costs by consolidating their toolchains with a unified DevSecOps platform.\n","article","devsecops-the-key-to-modern-security-resilience","content:en-us:the-source:security:devsecops-the-key-to-modern-security-resilience:index.yml","yaml","content","en-us/the-source/security/devsecops-the-key-to-modern-security-resilience/index.yml","en-us/the-source/security/devsecops-the-key-to-modern-security-resilience/index","yml",{"_path":33,"_dir":34,"_draft":6,"_partial":6,"_locale":7,"data":35,"_id":335,"_type":27,"title":336,"_source":28,"_file":337,"_stem":338,"_extension":31},"/shared/en-us/main-footer","en-us",{"text":36,"source":37,"edit":43,"contribute":48,"config":53,"items":58,"minimal":327},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":38,"config":39},"View page source",{"href":40,"dataGaName":41,"dataGaLocation":42},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":44,"config":45},"Edit this page",{"href":46,"dataGaName":47,"dataGaLocation":42},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web 
ide",{"text":49,"config":50},"Please contribute",{"href":51,"dataGaName":52,"dataGaLocation":42},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":54,"facebook":55,"youtube":56,"linkedin":57},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[59,86,158,226,288],{"title":60,"links":61,"subMenu":67},"Platform",[62],{"text":63,"config":64},"DevSecOps platform",{"href":65,"dataGaName":66,"dataGaLocation":42},"/platform/","devsecops platform",[68],{"title":69,"links":70},"Pricing",[71,76,81],{"text":72,"config":73},"View plans",{"href":74,"dataGaName":75,"dataGaLocation":42},"/pricing/","view plans",{"text":77,"config":78},"Why Premium?",{"href":79,"dataGaName":80,"dataGaLocation":42},"/pricing/premium/","why premium",{"text":82,"config":83},"Why Ultimate?",{"href":84,"dataGaName":85,"dataGaLocation":42},"/pricing/ultimate/","why ultimate",{"title":87,"links":88},"Solutions",[89,94,98,103,108,113,118,123,128,133,138,143,148,153],{"text":90,"config":91},"Digital transformation",{"href":92,"dataGaName":93,"dataGaLocation":42},"/topics/digital-transformation/","digital transformation",{"text":95,"config":96},"Application Security Testing",{"href":97,"dataGaName":95,"dataGaLocation":42},"/solutions/application-security-testing/",{"text":99,"config":100},"Automated software delivery",{"href":101,"dataGaName":102,"dataGaLocation":42},"/solutions/delivery-automation/","automated software delivery",{"text":104,"config":105},"Agile development",{"href":106,"dataGaName":107,"dataGaLocation":42},"/solutions/agile-delivery/","agile delivery",{"text":109,"config":110},"Cloud transformation",{"href":111,"dataGaName":112,"dataGaLocation":42},"/topics/cloud-native/","cloud 
transformation",{"text":114,"config":115},"SCM",{"href":116,"dataGaName":117,"dataGaLocation":42},"/solutions/source-code-management/","source code management",{"text":119,"config":120},"CI/CD",{"href":121,"dataGaName":122,"dataGaLocation":42},"/solutions/continuous-integration/","continuous integration & delivery",{"text":124,"config":125},"Value stream management",{"href":126,"dataGaName":127,"dataGaLocation":42},"/solutions/value-stream-management/","value stream management",{"text":129,"config":130},"GitOps",{"href":131,"dataGaName":132,"dataGaLocation":42},"/solutions/gitops/","gitops",{"text":134,"config":135},"Enterprise",{"href":136,"dataGaName":137,"dataGaLocation":42},"/enterprise/","enterprise",{"text":139,"config":140},"Small business",{"href":141,"dataGaName":142,"dataGaLocation":42},"/small-business/","small business",{"text":144,"config":145},"Public sector",{"href":146,"dataGaName":147,"dataGaLocation":42},"/solutions/public-sector/","public sector",{"text":149,"config":150},"Education",{"href":151,"dataGaName":152,"dataGaLocation":42},"/solutions/education/","education",{"text":154,"config":155},"Financial services",{"href":156,"dataGaName":157,"dataGaLocation":42},"/solutions/finance/","financial services",{"title":159,"links":160},"Resources",[161,166,171,176,181,186,191,196,201,206,211,216,221],{"text":162,"config":163},"Install",{"href":164,"dataGaName":165,"dataGaLocation":42},"/install/","install",{"text":167,"config":168},"Quick start guides",{"href":169,"dataGaName":170,"dataGaLocation":42},"/get-started/","quick setup checklists",{"text":172,"config":173},"Learn",{"href":174,"dataGaName":175,"dataGaLocation":42},"https://university.gitlab.com/","learn",{"text":177,"config":178},"Product documentation",{"href":179,"dataGaName":180,"dataGaLocation":42},"https://docs.gitlab.com/","docs",{"text":182,"config":183},"Blog",{"href":184,"dataGaName":185,"dataGaLocation":42},"/blog/","blog",{"text":187,"config":188},"Customer success 
stories",{"href":189,"dataGaName":190,"dataGaLocation":42},"/customers/","customer success stories",{"text":192,"config":193},"Remote",{"href":194,"dataGaName":195,"dataGaLocation":42},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"text":197,"config":198},"GitLab Services",{"href":199,"dataGaName":200,"dataGaLocation":42},"/services/","services",{"text":202,"config":203},"TeamOps",{"href":204,"dataGaName":205,"dataGaLocation":42},"/teamops/","teamops",{"text":207,"config":208},"Community",{"href":209,"dataGaName":210,"dataGaLocation":42},"/community/","community",{"text":212,"config":213},"Forum",{"href":214,"dataGaName":215,"dataGaLocation":42},"https://forum.gitlab.com/","forum",{"text":217,"config":218},"Events",{"href":219,"dataGaName":220,"dataGaLocation":42},"/events/","events",{"text":222,"config":223},"Partners",{"href":224,"dataGaName":225,"dataGaLocation":42},"/partners/","partners",{"title":227,"links":228},"Company",[229,234,239,244,249,254,259,263,268,273,278,283],{"text":230,"config":231},"About",{"href":232,"dataGaName":233,"dataGaLocation":42},"/company/","company",{"text":235,"config":236},"Jobs",{"href":237,"dataGaName":238,"dataGaLocation":42},"/jobs/","jobs",{"text":240,"config":241},"Leadership",{"href":242,"dataGaName":243,"dataGaLocation":42},"/company/team/e-group/","leadership",{"text":245,"config":246},"Team",{"href":247,"dataGaName":248,"dataGaLocation":42},"/company/team/","team",{"text":250,"config":251},"Handbook",{"href":252,"dataGaName":253,"dataGaLocation":42},"https://handbook.gitlab.com/","handbook",{"text":255,"config":256},"Investor relations",{"href":257,"dataGaName":258,"dataGaLocation":42},"https://ir.gitlab.com/","investor relations",{"text":260,"config":261},"Sustainability",{"href":262,"dataGaName":260,"dataGaLocation":42},"/sustainability/",{"text":264,"config":265},"Diversity, inclusion and belonging 
(DIB)",{"href":266,"dataGaName":267,"dataGaLocation":42},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":269,"config":270},"Trust Center",{"href":271,"dataGaName":272,"dataGaLocation":42},"/security/","trust center",{"text":274,"config":275},"Newsletter",{"href":276,"dataGaName":277,"dataGaLocation":42},"/company/contact/","newsletter",{"text":279,"config":280},"Press",{"href":281,"dataGaName":282,"dataGaLocation":42},"/press/","press",{"text":284,"config":285},"Modern Slavery Transparency Statement",{"href":286,"dataGaName":287,"dataGaLocation":42},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":289,"links":290},"Contact Us",[291,296,301,306,311,316,321],{"text":292,"config":293},"Contact an expert",{"href":294,"dataGaName":295,"dataGaLocation":42},"/sales/","sales",{"text":297,"config":298},"Get help",{"href":299,"dataGaName":300,"dataGaLocation":42},"/support/","get help",{"text":302,"config":303},"Customer portal",{"href":304,"dataGaName":305,"dataGaLocation":42},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"text":307,"config":308},"Status",{"href":309,"dataGaName":310,"dataGaLocation":42},"https://status.gitlab.com/","status",{"text":312,"config":313},"Terms of use",{"href":314,"dataGaName":315,"dataGaLocation":42},"/terms/","terms of use",{"text":317,"config":318},"Privacy statement",{"href":319,"dataGaName":320,"dataGaLocation":42},"/privacy/","privacy statement",{"text":322,"config":323},"Cookie preferences",{"dataGaName":324,"dataGaLocation":42,"id":325,"isOneTrustButton":326},"cookie 
preferences","ot-sdk-btn",true,{"items":328},[329,331,333],{"text":312,"config":330},{"href":314,"dataGaName":315,"dataGaLocation":42},{"text":317,"config":332},{"href":319,"dataGaName":320,"dataGaLocation":42},{"text":322,"config":334},{"dataGaName":324,"dataGaLocation":42,"id":325,"isOneTrustButton":326},"content:shared:en-us:main-footer.yml","Main Footer","shared/en-us/main-footer.yml","shared/en-us/main-footer",{"_path":340,"_dir":341,"_draft":6,"_partial":6,"_locale":7,"visibility":326,"id":342,"title":343,"button":344,"_id":348,"_type":27,"_source":28,"_file":349,"_stem":350,"_extension":31},"/shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18","banner","The Economics of Software Innovation","The Economics of Software Innovation—AI’s $750 Billion Opportunity",{"config":345,"text":347},{"href":346},"/software-innovation-report/","Get the research report","content:shared:en-us:the-source:banner:the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18.yml","shared/en-us/the-source/banner/the-economics-of-software-innovation-2025-08-18",{"_path":352,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"logo":353,"subscribeLink":358,"navItems":362,"_id":375,"_type":27,"title":376,"_source":28,"_file":377,"_stem":378,"_extension":31},"/shared/en-us/the-source/navigation",{"altText":354,"config":355},"the source logo",{"src":356,"href":357},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1750191004/t7wz1klfb2kxkezksv9t.svg","/the-source/",{"text":359,"config":360},"Subscribe",{"href":361},"#subscribe",[363,367,371],{"text":364,"config":365},"Artificial Intelligence",{"href":366},"/the-source/ai/",{"text":368,"config":369},"Security & Compliance",{"href":370},"/the-source/security/",{"text":372,"config":373},"Platform & 
Infrastructure",{"href":374},"/the-source/platform/","content:shared:en-us:the-source:navigation.yml","Navigation","shared/en-us/the-source/navigation.yml","shared/en-us/the-source/navigation",{"_path":380,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"title":381,"description":382,"submitMessage":383,"formData":384,"_id":387,"_type":27,"_source":28,"_file":388,"_stem":389,"_extension":31},"/shared/en-us/the-source/newsletter","The Source Newsletter","Stay updated with insights for the future of software development.","You have successfully signed up for The Source’s newsletter.",{"config":385},{"formId":386,"formName":277,"hideRequiredLabel":326},1077,"content:shared:en-us:the-source:newsletter.yml","shared/en-us/the-source/newsletter.yml","shared/en-us/the-source/newsletter",{"categoryNames":391},{"ai":364,"platform":372,"security":368},{"_path":393,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":394,"config":395,"seo":396,"content":399,"slug":5,"_id":413,"_type":27,"title":7,"_source":28,"_file":414,"_stem":415,"_extension":31},"/en-us/the-source/security","category",{"layout":9},{"title":368,"description":397,"ogImage":398},"Get up to speed on how organizations can ensure they're staying on top of evolving security threats and compliance 
requirements.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1751463273/aplkxrvwpii26xao5yhi.png",[400,405],{"componentName":401,"type":401,"componentContent":402},"TheSourceCategoryHero",{"title":368,"description":397,"image":403},{"config":404},{"src":398},{"componentName":406,"type":406,"componentContent":407},"TheSourceCategoryMainSection",{"config":408},{"gatedAssets":409},[410,411,412],"source-lp-guide-to-dynamic-sboms","source-lp-devsecops-the-key-to-modern-security-resilience","application-security-in-the-digital-age","content:en-us:the-source:security:index.yml","en-us/the-source/security/index.yml","en-us/the-source/security/index",{"_path":417,"_dir":418,"_draft":6,"_partial":6,"_locale":7,"config":419,"title":14,"description":15,"link":422,"_id":425,"_type":27,"_source":28,"_file":426,"_stem":427,"_extension":31},"/shared/en-us/the-source/gated-assets/pf-devsecops-the-key-to-modern-security-resilience","gated-assets",{"id":12,"formId":420,"utmCampaign":421},1002,"eg_global_cmp_gated-content_speedsecurity_en_securityteaminvestgitlab",{"config":423},{"href":424},"https://learn.gitlab.com/the-source-security/whitepaper-security-teams-gitlab","content:shared:en-us:the-source:gated-assets:pf-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/gated-assets/pf-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/gated-assets/pf-devsecops-the-key-to-modern-security-resilience",{"_path":393,"_dir":9,"_draft":6,"_partial":6,"_locale":7,"type":394,"config":429,"seo":430,"content":431,"slug":5,"_id":413,"_type":27,"title":7,"_source":28,"_file":414,"_stem":415,"_extension":31},{"layout":9},{"title":368,"description":397,"ogImage":398},[432,436],{"componentName":401,"type":401,"componentContent":433},{"title":368,"description":397,"image":434},{"config":435},{"src":398},{"componentName":406,"type":406,"componentContent":437},{"config":438},{"gatedAssets":439},[410,411,412],[441,455,467],{"_path":442,"_di
r":418,"_draft":6,"_partial":6,"_locale":7,"config":443,"title":444,"description":445,"link":446,"_id":452,"_type":27,"_source":28,"_file":453,"_stem":454,"_extension":31},"/shared/en-us/the-source/gated-assets/application-security-in-the-digital-age",{"id":412,"formId":420},"Application security in the digital age","Read our survey findings from more than 5,000 DevSecOps professionals worldwide for insights on how organizations are grappling with increasing attack surfaces and changing attitudes towards security and AI.",{"text":447,"config":448},"Read the report",{"href":449,"dataGaName":450,"dataGaLocation":451},"/developer-survey/2024/security-compliance/","Application Security in the Digital Age","thesource","content:shared:en-us:the-source:gated-assets:application-security-in-the-digital-age.yml","shared/en-us/the-source/gated-assets/application-security-in-the-digital-age.yml","shared/en-us/the-source/gated-assets/application-security-in-the-digital-age",{"_path":456,"_dir":418,"_draft":6,"_partial":6,"_locale":7,"config":457,"title":14,"description":458,"link":459,"_id":464,"_type":27,"_source":28,"_file":465,"_stem":466,"_extension":31},"/shared/en-us/the-source/gated-assets/source-lp-devsecops-the-key-to-modern-security-resilience",{"id":411},"Learn how embedding security in development can slash incident response time by 720x and save millions in security costs annually.",{"text":460,"config":461},"Download the guide",{"href":462,"dataGaName":463,"dataGaLocation":451},"/the-source/security/devsecops-the-key-to-modern-security-resilience/","DevSecOps the key to modern security 
resilience","content:shared:en-us:the-source:gated-assets:source-lp-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/gated-assets/source-lp-devsecops-the-key-to-modern-security-resilience.yml","shared/en-us/the-source/gated-assets/source-lp-devsecops-the-key-to-modern-security-resilience",{"_path":468,"_dir":418,"_draft":6,"_partial":6,"_locale":7,"config":469,"title":470,"description":471,"link":472,"_id":477,"_type":27,"_source":28,"_file":478,"_stem":479,"_extension":31},"/shared/en-us/the-source/gated-assets/source-lp-guide-to-dynamic-sboms",{"id":410},"Guide to dynamic SBOMs: An integral element of modern software development","Learn how to gain visibility into previously unidentified organizational risks with a software bill of materials (SBOM).",{"text":473,"config":474},"Read the guide",{"href":475,"dataGaName":476,"dataGaLocation":451},"/the-source/security/guide-to-dynamic-sboms/","Guide to Dynamic SBOMs","content:shared:en-us:the-source:gated-assets:source-lp-guide-to-dynamic-sboms.yml","shared/en-us/the-source/gated-assets/source-lp-guide-to-dynamic-sboms.yml","shared/en-us/the-source/gated-assets/source-lp-guide-to-dynamic-sboms",1758662342529]