During week 1, work with your ShiftLeft customer success representative for onboarding and to review ShiftLeft scan results for a few applications. The objective during the first few weeks is to produce a workflow configuration and automation scripts for various languages and application types that you can reuse to onboard additional applications in the subsequent weeks.
Ensure that suitable stakeholders, such as DevOps, the Active Directory administrator, or members of the AppSec team, are available to troubleshoot and sign off on the appropriate onboarding activities.
For the first few weeks, you may want to operate ShiftLeft in a scan-only, but synchronous, mode to analyze and produce findings without affecting your build or release cadences. This can help with the introduction of a new tool without drastically changing your existing workflow.
Training the security champions
During the first few weeks, ShiftLeft can help organize training and demo sessions for the identified security champions and AppSec team members to help you train the trainers, easing scalability and adoption of ShiftLeft CORE across all teams.
Writing automation scripts
ShiftLeft offers several automation scripts and Terraform modules to help you automate the deployment process. We can also provide assistance with the development of custom scripts required for a large-scale rollout.
Because automation capability varies among CI/CD platforms, we recommend listing your applications alongside the CI/CD platform each one uses to determine which scripts you will need.
ShiftLeft offers support during each step of the onboarding process via the agreed-upon channels, such as email, Zendesk, or Slack. We have also attached a list of frequently asked questions to this document. You can view a full list via our knowledge base.
Week 1 tasks
| Team | Task |
|---|---|
| DevOps | Configure the ShiftLeft integration with CI/CD using integration tokens, and ensure that it is working for a few applications |
| AD/IAM admin | Ensure that a select number of users are added to the ShiftLeft platform, can log in, and can access the UI |
| AppSec | Review the code analysis results for the initial apps that are available in the ShiftLeft UI |
| DevOps | Collect and share verbose logs with the ShiftLeft customer success representative for troubleshooting purposes (if applicable) |
| Security champions | Allocate time for onboarding training sessions, demos, or office hours with ShiftLeft |
| Security champions | Gather feedback and observations from teams to share internally and with ShiftLeft regarding the code analysis process |
| ShiftLeft | Organize demos, onboarding, and office hours sessions |