Techniques are presented herein that shift the focus of risk assessment during a software development process away from the traditional end-of-process review (when a new feature is delivered or an application is deployed) to earlier in the process, while developers are actively at work. Such an approach allows a developer to assess the risk that a candidate software change is about to introduce before committing that change, giving the developer time (during the early portion of the process) to revisit the software and eliminate the identified risk. Aspects of the presented techniques leverage elements of a continuous integration (CI) and continuous deployment (CD) facility, the results already available from existing unit and end-to-end tests, and the collection and analysis of OpenTelemetry (OTEL)-based metrics, events, logs, and traces (MELT) data to deliver security insights.
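To make the shift-left idea concrete, the following is an added illustrative example (not code from the disclosure, and not a description of its actual method) of a pre-commit risk assessment that combines the three evidence sources the abstract names: the files a candidate change touches, existing unit/end-to-end test results from CI, and OTEL-style telemetry reduced to per-file counters. The path hints, the telemetry attribute names (`requests_per_min`, `untrusted_input_spans`), the weights, and the sample CI and telemetry data are all constructed assumptions for the example.

```python
"""Illustrative pre-commit risk assessment (added example, not the disclosure's own code).

Assumptions (not specified by the page):
- a candidate change is represented by the list of source files it touches;
- CI unit/e2e results are available as {test_name: {"status": ..., "files": [...]}};
- OTEL MELT data has already been aggregated per file into two counters:
  request volume and the number of spans tagged as handling untrusted input.
All weights, thresholds and attribute names below are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Assumed path fragments that mark security-sensitive modules.
SENSITIVE_PATH_HINTS = ("auth", "crypto", "session", "payment")


@dataclass
class RiskFinding:
    file: str
    reason: str
    weight: float


@dataclass
class RiskReport:
    score: float
    findings: List[RiskFinding] = field(default_factory=list)

    def blocks_commit(self, threshold: float = 5.0) -> bool:
        """True when the accumulated risk warrants stopping before commit."""
        return self.score >= threshold


def assess_change_risk(changed_files: List[str],
                       test_results: Dict[str, dict],
                       telemetry: Dict[str, dict]) -> RiskReport:
    """Score a candidate change from static hints, CI test evidence and telemetry."""
    findings: List[RiskFinding] = []
    for path in changed_files:
        # 1. Static hint: does the file live in a security-sensitive area?
        if any(hint in path.lower() for hint in SENSITIVE_PATH_HINTS):
            findings.append(RiskFinding(path, "touches security-sensitive module", 2.0))

        # 2. Existing CI evidence: is the file exercised, and do those tests pass?
        covering = [name for name, res in test_results.items() if path in res["files"]]
        if not covering:
            findings.append(RiskFinding(path, "no unit/e2e test exercises this file", 2.0))
        for name in covering:
            if test_results[name]["status"] != "passed":
                findings.append(RiskFinding(path, f"covering test failed: {name}", 3.0))

        # 3. Runtime exposure derived from OTEL-style traces/metrics.
        tele = telemetry.get(path, {})
        if tele.get("untrusted_input_spans", 0) > 0:
            findings.append(RiskFinding(path, "handles untrusted input in production traces", 1.5))
        if tele.get("requests_per_min", 0) >= 1000:
            findings.append(RiskFinding(path, "hot path (high request volume)", 1.0))

    return RiskReport(score=sum(f.weight for f in findings), findings=findings)


# Constructed sample CI results and per-file telemetry for the demo.
SAMPLE_TESTS = {
    "test_login_rejects_bad_password": {"status": "passed", "files": ["src/auth/login.py"]},
    "test_token_expiry": {"status": "failed", "files": ["src/auth/token.py"]},
    "test_report_render": {"status": "passed", "files": ["src/reports/render.py"]},
}
SAMPLE_TELEMETRY = {
    "src/auth/login.py": {"requests_per_min": 2400, "untrusted_input_spans": 57},
    "src/reports/render.py": {"requests_per_min": 12, "untrusted_input_spans": 0},
}


def demo_risky_change() -> RiskReport:
    """A change to the token module (failing test) plus an untested helper."""
    return assess_change_risk(["src/auth/token.py", "src/util/strings.py"],
                              SAMPLE_TESTS, SAMPLE_TELEMETRY)


def demo_low_risk_change() -> RiskReport:
    """A change to a tested, low-traffic rendering module."""
    return assess_change_risk(["src/reports/render.py"], SAMPLE_TESTS, SAMPLE_TELEMETRY)


if __name__ == "__main__":
    for report in (demo_risky_change(), demo_low_risk_change()):
        print(f"score={report.score:.1f} block={report.blocks_commit()}")
        for f in report.findings:
            print(f"  {f.file}: {f.reason} (+{f.weight})")
```

In this shape the report is produced where the abstract wants it, in the developer's working loop (for instance from a pre-commit hook), and every finding names the evidence behind it so the developer can fix the change or add the missing test before committing rather than learning about it at deployment review.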

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.