QA has always been the gatekeeper of every organization’s digital presence. In the past, departments like development and operations had their own QA processes and people, and worked in silos, not communicating with each other and causing lags and roll-backs due to the disconnect in the end-to-end flow.

With the advent of Agile Development and the push towards DevOps came faster and shorter release cycles but also an increased risk of security vulnerabilities passing to production and delays resulting from those vulnerabilities. Github’s CodeQL, released late last year, has already scanned over 12,000 repos and has found over 20,000 security issues including remote code execution (RCE), SQL injection (SQLi), and cross-site scripting (XSS) vulnerabilities.

While DevOps promotes shorter and faster release cycles, DevSecOps ensures shorter, faster, and secure releases. The work-from-home culture resulting from the ongoing pandemic has made it imperative that organizations make a left shift and fortify security in the early stages of the development lifecycle.

This left shift has put a greater burden on QA, resulting in Automation becoming main stream. The sentiment has changed to: If it can be written and is repetitive, then it can be automated. Increasing QA’s presence in the entire SDLC from the early stages and automating the process is the only efficient way to support organizations in achieving the accelerated “time to market” demand and have a positive impact on the ROI.

Now the question is: what can and should be automated? Defining this criteria will govern how successful the Automation process is in supporting agile and secure releases.