Arcjet this week made available a software development kit (SDK) that makes it simpler for JavaScript developers to embed capabilities such as bot detection, rate limiting, email validation, attack protection and data redaction directly within their applications.

Company CEO David Mytton said the release of v1.0 of its Arcjet JavaScript SDK makes it possible for developers to address many of the issues during application development that DevOps teams would otherwise need to address later in the software development lifecycle (SDLC).

Additionally, Arcjet is beta testing a similar SDK for Python developers, who often have even less application security expertise, added Mytton.

It’s not clear to what degree many of the issues that DevOps teams routinely address are simply overlooked by application developers, but the Arcjet SDKs are designed to make it as simple as possible to add a few lines of code to, for example, address security issues as code is being written, noted Mytton.

That capability will also prove to be especially crucial as application developers rely more on artificial intelligence (AI) tools to generate code, he added. Those tools are generally designed to invoke an SDK versus logging into a separate platform to scan code after it has already been developed, said Mytton.

Of course, DevOps teams have, with mixed success, been trying to shift more responsibility for security and other functions further left toward developers for years now. Rather than adding a new tool, it’s generally easier for application developers to invoke an SDK to more naturally address those issues, said Mytton. In fact, over time Arcjet will continue to add more functions into its SDKs to address a wider range of issues, he added.

Ultimately, the goal is to provide an SDK that addresses as many of those functions as possible in a way that doesn’t get in the way of building business logic, said Mytton. The primary focus should be to make sure the joy of building software is not lost in a sea of burdensome tasks, he added.

Exactly how much organizations are spending on various DevSecOps tools and platforms is unknown. A global survey conducted by the Futurum Group finds well over a third of respondents expect their organization to increase spending on software security testing (39%) and application programming interface (API) security (36%) over the next 12 to 18 months. Overall, about 35% said they also plan to make some type of investment in application security. In theory at least, if the code being created by developers could be trusted, the amount of spending on DevSecOps could, while never completely eliminated, be reduced.

Hopefully, as AI coding tools improve, the overall quality of the code going into application environments will steadily improve. In the meantime, however, it’s apparent that many DevOps teams are in danger of being overwhelmed by the volume of code being generated by developers using AI coding tools. An SDK approach to improving code should go a long way toward mitigating those concerns assuming, of course, application developers don’t ignore them altogether.