Case study | Atlassian
How a leading bank enabled DevSecOps by shifting Security to the Left
- Geography: USA
- Industry: Banking
- Employees: 10K +
- Solution: DevSecOps
- Services: DevOps
The client
A leading global banking and financial services organization, headquartered in New York, engaged enreap to strengthen application security across its large and diverse application landscape. With multiple development teams working on technologies like Java, Python, and Node.js, the organization required a scalable and efficient approach to ensure application security, compliance, and timely vulnerability management.
Client requirements
Automated Security Integration
Embed security scans into the development lifecycle to eliminate manual processes and delays.
Centralized Visibility & Tracking
Provide a unified view of vulnerabilities, scan results, and remediation status across teams.
Scalable & Extensible Framework
Enable integration of multiple security tools and support evolving DevSecOps requirements.
Our approach
enreap designed an event-driven DevSecOps framework integrated with GitLab CI/CD pipelines to automate application security scans. The approach enabled asynchronous scan execution, centralized result publishing, and seamless integration with existing tools—ensuring security became an integral part of the software development lifecycle without impacting developer productivity.
Our solution
Automated CI/CD Security Integration
Embedded security scans directly into GitLab pipelines, enabling automated execution during code commits, merges, and release stages.
Event-Driven Orchestration
Leveraged an IFTTT-based framework using tools like Kafka and StackStorm to trigger and manage scans via API/CLI integrations with multiple AppSec tools.
Centralized Visibility & Extensibility
Enabled unified dashboards for scan results and vulnerability tracking, with a scalable architecture to integrate additional security tools over time.
Business benefits
- Security scans automated and embedded into CI/CD pipelines
- Reduced manual effort and eliminated process bottlenecks
- Early vulnerability detection enabling “Shift Left” security
- Improved developer productivity with minimal disruption
- Centralized dashboards for visibility and tracking
- Reduced risk of vulnerabilities reaching production
Technology stack
Strengthening ITSM Governance and Compliance for a Leading Bank in Singapore
Written by
Ruchika Mohite