Where is the scan?
It seems nobody building those pipelines is using a scan stage to ensure no virus or malware was injected anywhere in the quite complex process from writing a line of code to deploying an application to production. But why? Just forgotten? You're kidding! You guys are building fully automated processes at the leading edge without ensuring your software is free of viruses and malware? No scan means automated deployment of malware, multiple times per day.
OK, I understand. You're trusting your developers. Oh, you're trusting your operators too. Is that enough? Which business impact are you afraid of in case you're distributing malware? Automated! Multiple deployments a day! I'm sure it's worth some thought on how to integrate automated antivirus scans.
Vendors, still smiling? What's your plan to integrate your scan engines into CI/CD? I've never heard of a solution for that. Where's the ScaaS (Scan as a Service) that seamlessly integrates into pipelines? And all you leading Avira, Kaspersky, Trend Micro, Symantec and McAfees out there: maybe it's time to implement a platform where all your technology is accessible. I'm going nuts thinking about the revenue of a pay-per-scan service. Remember: multiple deployments per day/week to be scanned - per application, per company.