Sonatype

Shift Left Left Me Up Schitt’s Creek – Help!

Dear Sloan,

I’m up Schitt’s Creek without a paddle, and I don’t know what to do. My leadership team told me to get the team to shift left. What is shift left? How do I get the team to do it during software development? And most importantly, why should I get the team to do it?

Thank you,

Up Schitt’s Creek in Sioux Falls


Dear Schitt’s Creek in Sioux Falls,

I’m happy to provide you a paddle, and a life jacket. 🦺 Oh, and a raft for the entire team. 🚣‍♂️ I’ll help you to shore, and out of Schitt’s Creek. Let me first explain that shift left is an approach in software testing. I’ll describe what I think the leadership team meant when they told you to get the team to shift left.

What Is Shift Left?

The “Shift Left” strategy is used to describe the principle of testing and checking code quality early in the Software Development Life Cycle (SDLC). Shifting left puts your development team on the front lines of quality, security, licensing, and operations.

How do you get the team to embrace the shift left culture?

One quick way to get started with the team is to use continuous software testing, “shifting” testing left to earlier in the process rather than leaving it as one of the final steps in the SDLC. This improves the speed and quality of the team’s code development. When you shift left, your early quality checks catch vulnerabilities during the development phase, where fixes are easier. Shift your culture toward proactive processes instead of reactive processes. Shifting left lets you deal with security issues early and often. If you leave security practices to the end, you end up with security defects in production, and lots of time spent reworking, retesting, etc. Shifting left reduces risk and the costs of fixing security problems.

There are loads of resources written about shifting left, so don’t be shy: dig in. And, when you explain to the team how shifting left will benefit them, and the quality of their work, they usually buy in quickly, so long as the tools you choose are efficient and effective. SDLC integrations such as SCM and IDE scanning are examples of tools that help you shift left: they work where developers are actively coding, so developers are able to fix security vulnerabilities as they develop.

Why did the leadership team ask me to get the team to shift left?

When you shift left, your early quality checks catch vulnerabilities during the development phase, where fixes are easier. Shifting left helps teams remove bottlenecks that often crop up just before deployment, such as testing. Shifting left avoids rework, and your developers and SecOps see lighter workloads over the whole course of the SDLC. It improves quality, and shortens the duration of development. A win/win for teams and the business.

Here are just a few of the many resources available if you’d like to learn more about shifting left. Have a listen to the second episode of our Wicked Good Development podcast, or journey down this Shift Left learning path. And, share your experiences (or concerns) with shifting left in the comments below.

Yours Truly,

Sloan
~ Making Cyber a Safer Space

2 Comments

Jeff

Security teams are often overloaded. Shifting left means moving some security responsibility into Engineering so engineers address vulnerabilities in their software before the security team is ever aware of them. It reduces both costs and risk.

Ingmar

Developing Software is something you do, Shifting Left is something you live. (quoting KRS One “Rap is something you do, Hiphop is something you live”)