It's 2018...we need to think about security differently

No longer can security be an afterthought in application development. Equifax, Meltdown and Spectre, and other DevSecOps disasters prove that the old adages of "security is everyone's job" and "shift security left" need to stop being adages...and start being common practice.

This is why GitLab has taken a fresh look at security. Just as we did a few years ago with CI/CD, we've taken a ground-up look at security practices in DevOps. Security scanning (SAST, DAST, dependency scanning, and container scanning) needs to happen on every commit, not just at the end of the release cycle. Doing so empowers developers to move faster and more safely, instead of having to make a choice at the end of a cycle: do we ship something we know is insecure, or do we delay our shipment? Or worse: we've been shipping code for years with no security scanning in mind.