Becoming agile and application-driven is on the agendas of many companies. The COVID-19 crisis is forcing many of them to hurry digital transformation, since much business previously done in person has moved online.

But security “no men” often stop or slow the building and deploying of new software. To keep pace with demand for new apps, now is as good a time as any for teams to start doing what they should have been doing all along: building security into the app-making process from step one. 

“Entire bodies of human activity are shifting from offline online — like social, consumer, business-to-business, healthcare, finance, commerce, retail. That means massive demand for new applications, new application development — and quickly,” said Scott Johnston (pictured, left), chief executive officer of Docker Inc. Businesses with little or no digital footprint are especially anxious, grasping for a digital channel through which to continue doing business, Johnston added. 

Shipping code quickly and clearing security tests without a hitch is now more important than ever. Containers (a virtual method for running distributed applications) and container orchestration platforms such as Kubernetes have done much to speed up the cadence of app development. But for many, security continues to cause headaches and recalls after applications have been designed and deployed.

Johnston and Peter McKay (pictured, right), chief executive officer of Snyk Ltd., spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during DockerCon Live. They discussed shift-left security for agile developer operations and the Docker-Snyk partnership. (* Disclosure below.)

Shift-left spreads security fun around

“Security is often seen as a point of friction or a way to delay applications from getting to market and delivering value quickly,” Johnston said.

In failing security tests, developers may have to go digging through their work to find vulnerabilities and rewrite code. This is unacceptable now that getting applications and digital products to market quickly and bug free is vital to many companies’ survival.

Docker has partnered with security startup Snyk on an integration that makes security a part of app development for developers themselves. Snyk provides native vulnerability scanning for Docker container services and will now provide continuous security directly in Docker’s containerized-app development process. The integration takes the shift-left principle as far left as possible to the local Docker Desktop as an integral part of the full dev chain, Johnston explained.

The Snyk security integration allows teams to nip security issues in the bud as they are developing apps, and may even automatically fix them. “When they develop these applications, they’re secure when they’re done. And all the way through that development life cycle, you’re testing for vulnerabilities and auto-remediating along the way. So it allows them to develop very creatively at the pace in which they want to develop,” McKay said. 

Anything that speeds up time to market and time to value for digital products is crucial for businesses now, according to Johnston. “This lets them ship faster. And now is the time when they need to ship and ship fast,” he stated. 

We can expect to see Docker and Snyk collaborate further in the year ahead on security solutions that enable agile development, according to Johnston.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of DockerCon Live. (* Disclosure: TheCUBE is a paid media partner for DockerCon Live. Neither Docker Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE