Now Is the Time to Embrace the GitHub Platform
Every organization has been challenged by 2020. Many companies have been thinking about moving to the cloud — but the pandemic has forced many to accelerate their timelines and go through with the transition.
In the long run, those companies that are intentional and strategic about this transition will disrupt their industries, and companies that are just reacting will be far less successful.
One key to success in moving to and operating in the cloud is security. DevSecOps is a term that is becoming more and more prevalent as organizations are scrambling to ensure that their digital platforms and software delivery lifecycles are not only scalable, but secure.
Security should not be an afterthought in the development lifecycle. Everyone involved in the software supply chain is responsible for security. But security is also hard: how do you arm your developers with tools and platforms that empower them to build secure software? How can you integrate your security professionals into daily workflows?
GitHub Advanced Security
When Microsoft purchased GitHub, CEO Satya Nadella stated, “[The] most important thing with a community asset like GitHub is to stay true to the core ethos of developer-first that GitHub has always had.” The ethos of open source software delivery, even when it is applied internally through InnerSourcing, allows teams to create software at unprecedented velocity. According to market research, open source software powers 99% of large enterprise applications. So how do organizations ensure that their applications are not exposed to vulnerabilities in open source dependencies?
GitHub Advanced Security tools include Dependabot, which scans package dependencies and automatically notifies teams about potential vulnerabilities. Dependabot can even create Pull Requests that automatically bump packages to patched versions for testing in automated pipelines. CodeQL (formerly Semmle) allows teams to run security scanning on repositories, executing queries from your security professionals and the wider security community to detect code quality and security issues. Integrating these tools into the Continuous Integration/Continuous Delivery (CI/CD) process ensures that developers are empowered to deliver secure software and that security professionals are deeply integrated into the DevOps process.
Another challenge facing DevSecOps teams is the fact that GitHub platform functionality overlaps with Microsoft’s original DevOps platform, Azure DevOps. Many organizations have invested heavily into Azure DevOps — so how do teams navigate the DevOps landscape with GitHub and Azure DevOps? Should they migrate or integrate? How can teams take advantage of the best of both platforms?
Cognizant Microsoft Business Group
Cognizant recently formed the Cognizant Microsoft Business Group (MBG) through the acquisitions of both New Signature and 10th Magnitude – companies highly specialized in Microsoft Azure and DevOps. Both New Signature and 10th Magnitude have worked with GitHub to become two of the first GitHub Verified partners. In addition to merging GitHub partnership efforts, the MBG has recently shown commitment to security by publishing one of the first security offerings built around the suite of GitHub Advanced Security tools (available on the Azure Marketplace).
The MBG has deep expertise in modernizing DevOps platforms and processes within organizations. Our focus is to help organizations create developer velocity without sacrificing security and quality. This translates directly to business outcomes by decreasing cycle times and getting value to customers faster and securely. Our customers can leverage our experience to create the correct modern DevOps platforms and processes, and to integrate security into the supply chain with GitHub Advanced Security tooling.
The Cognizant MBG believes that now is the time to embrace the GitHub platform, not only to take advantage of the power of open source development through InnerSourcing, but also to leverage GitHub Advanced Security. Get in touch with us today to kick-start your DevSecOps journey.