Your version control system, like Git, is a primary vector for secret sprawl, unintentional source poisoning, and intentional source poisoning. In a shift left model, there are degrees of leftness. The most left you can get is to test all the code before the developer tries to commit anything and train them thoroughly in the best practices. But when we rely on people to remember to do things consistently and correctly, we’re cutting holes in the safety net. We need mechanisms.

At Amazon, they have a saying: “Good intentions don’t work. Mechanisms do.” Humans can feel fatigued, rushed, distracted, or otherwise encumbered, and despite all intentions to follow best practices, they don’t. When you automate enforcement of best practices, you can ensure those practices are followed in a much more consistent and correct fashion.
