Often security is done right at the end
or it's done we're trying to think about
it in advance when we don't really know
what we're doing for security. We look
at security in pull requests but we
don't really know what we're looking
for. We do dependency scanning and that
kind of thing. If you can weave the
security story in right from the
beginning like did the developer build
this with a dependency which has got a
known issue for example right at the
beginning uh or like
>> did we rebuild something halfway through
our pipeline and now we have different
dependencies or now we've I don't know
integrated a different tool which is
causing different problems like we want
to see that all the way through. We
don't want to be thinking about it right
at the end and having to undo all of
that work and start all over again. And
this can be part of this steering that
we're talking about so that the agent
does that instead of you, right?
>> You want to shift left everything where
possible. You want it to be as left as
possible. Now, for JetBrains, this is a
great story because you don't get much
more left than the IDE, right? You want
everything inside the IDE. But yeah, the
earlier you can find something, the
faster and cheaper it is to fix, which
also means that you need it to be fast,
otherwise you can't shift it left
because it takes too
A common issue in modern software delivery is that security is still treated as something to address at the end of the process rather than at the outset. With the advent of AI, this problem becomes especially relevant. We discussed this in our recent Spec-Driven AI Development livestream. See the full conversation 👉 https://jb.gg/spec-driven-social