# 10 Tips To Prioritize Security In Software Development

*GitLab, The Source (Security), 2024-04-16, 2 min read*

Use the tips in this article to shift security left, earlier in the development cycle, to work more efficiently and to ship more secure software.

**Key takeaways**

- Shifting left strengthens software security because vulnerabilities are detected earlier in the SDLC.
- GitLab integrates security into DevSecOps to enable proactive risk management.
- Streamlining processes with GitLab increases development velocity and strengthens compliance.

Protecting against cyberattacks and cybersecurity threats remains one of an organization's top priorities, and the developer's role keeps evolving to match. In GitLab's [2024 Global DevSecOps Survey](https://about.gitlab.com/developer-survey/), a majority of respondents said they are responsible for application security as part of a larger team, a sign that security practices are shifting left.

Shifting left, meaning designing software with security best practices built in so that vulnerabilities are found and fixed earlier in the software development life cycle (SDLC), makes teams more efficient and lets them release software faster. Of the security professionals GitLab surveyed, 67% said they have already shifted left or plan to within the next three years. Many teams, however, do not know where to start.

Here are 10 tips to help you shift left and practice DevSecOps more efficiently.

### 1. Measure time

How much time is spent fixing vulnerabilities after code has been merged? Measure the time to remediate, look for patterns in the type and source of the vulnerabilities, and make the adjustments needed to improve.

### 2. Identify bottlenecks

Where are the friction points and bottlenecks between your security protocols and processes? Identify what is not working, then plan and carry out a fix.

### 3. Start small

Make small code changes. They are easier and faster to review, secure and release than large changes to a project.

### 4. Eliminate waterfall structures

Are waterfall-style security processes still lingering in your SDLC? Eliminating or reducing them means far less pain when you need to change direction.

### 5. Automate scanning

Are manual processes delaying or obstructing the discovery of vulnerabilities? Automate the analysis inside merge requests so that findings are easy for developers to review, trace to their cause and act on.

### 6. Update workflows

Do developer workflows include security scanning? Building security into the developer workflow means vulnerabilities are found and fixed before the code is finished and leaves the developer's hands.

### 7. Practice compliance

Is unplanned work pushing back release dates? Automating and implementing a compliance framework keeps things consistent across development environments, teams and applications.

### 8. Give developers access to security reports

Can developers access the SAST and DAST reports? These valuable tools help development teams build secure coding practices and fix vulnerabilities as part of their workflow.

### 9. Help teams work more efficiently

Give the security team a security dashboard that shows where resolved and unresolved vulnerabilities are, who introduced them and their remediation status, so the team can work more efficiently.

### 10. Reduce the toolchain

Streamlining and shrinking the toolchain lets people focus on a single interface, a single source of truth.

## Shift left with GitLab

With GitLab you can find vulnerabilities earlier in the SDLC and begin a proactive security strategy. The GitLab DevSecOps platform has security and compliance built in, with end-to-end workflows for understanding and managing risk. Feature branches are scanned automatically for vulnerabilities, so they can be fixed before being pushed to production. GitLab is an end-to-end software development platform that meets stringent security and compliance requirements, with a track record of supporting DevSecOps initiatives across U.S. federal, state and local government, vendors and educational institutions. Learn more about how GitLab can help you [shift security left](https://about.gitlab.com/solutions/public-sector/) and achieve your work and mission faster.
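Tips 5 through 8 above describe one concrete setup: scanners that run automatically inside the merge request so developers see SAST and DAST findings before the code leaves their hands. The `.gitlab-ci.yml` below is an added example, not code from the article, showing how that is wired up with GitLab's built-in CI templates. It assumes the project already defines its own build, test and deploy jobs that publish a staging environment, and `https://staging.example.com` is a placeholder for that environment's URL.

```yaml
# Added example (not from the article): a minimal .gitlab-ci.yml that runs
# GitLab's built-in scanners on every merge request and on the default branch.
# Assumptions: build/test/deploy jobs exist elsewhere in this file and publish
# a staging environment; https://staging.example.com is a placeholder URL.

stages:
  - build
  - test
  - deploy
  - dast          # the DAST template's job runs in a stage named "dast"

# Run pipelines for merge requests and for pushes to the default branch,
# not twice for the same commit (once as a branch pipeline, once as an MR pipeline).
workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

include:
  - template: Security/SAST.gitlab-ci.yml                 # static analysis of source code
  - template: Security/Secret-Detection.gitlab-ci.yml     # credentials committed to the repo
  - template: Security/Dependency-Scanning.gitlab-ci.yml  # known-vulnerable third-party packages
  - template: Security/DAST.gitlab-ci.yml                 # runtime scan of the deployed app

variables:
  # Exclude vendored and generated code so SAST findings point at code the team owns.
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp, vendor, node_modules"
  # Target for the DAST job; it must be reachable from the runner.
  DAST_WEBSITE: "https://staging.example.com"
```

The SAST and Secret Detection templates run on every GitLab tier; Dependency Scanning, DAST, the merge request security widget and the vulnerability report (the dashboard tip 9 refers to) require Ultimate. The template jobs themselves only run for merge request pipelines and the default branch, so the `workflow:rules` block keeps the same commit from being scanned twice. A compliance framework (tip 7) is configured at the group or project level rather than in this file, and is the place to require that these scan jobs are present in every project's pipeline rather than trusting each team to add them.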