DevSecOps

Veracode Acquires ML-Powered Vulnerability Remediation Technology From Jaroona GmbH

On the heels of our significant growth investment from TA Associates, we are pleased to announce our acquisition of auto-remediation technology from Jaroona. Jaroona’s intelligent remediation technology accelerates Veracode’s vision and strategy to automatically detect and remediate software vulnerabilities. Jaroona was recognized as a Gartner Inc. 2021 Cool Vendor for DevSecOps.

DevSecOps Cloud Security Solutions Buyer's Guide

The cloud has come a long way from Eric Schmidt's "modern" coining of the phrase in 2006. Today, companies and institutions are reliant upon a cloud infrastructure to run their day-to-day operations. This reliance and growth have also transformed the threat landscape and your cybersecurity requirements along with it. Though cloud service providers are working ceaselessly to shore up vulnerabilities and bolster defenses, the responsibility for your cloud assets does not solely lie with them. Estimates predict that by 2025, 99% of cloud failures will be caused by the customer.

How To Bring Security and Development Together In Harmony

If you’re looking at things from the development side, the motto when working to build software products would be “ship it”—get it out the door and into the hands of users as soon as possible. From the perspective of the security team, the maxim would be “secure it”—make sure the code is as free of vulnerabilities as possible and is ready for safe use before it ever reaches users.

DevSecOps build and test process

In the previous article about the coding process, we covered developers using secure coding practices and how to secure the central code repository that represents the single source of truth. After coding is complete, developers move to the build and test processes of the Continuous Integration (CI) phase. These processes use automation to compile code and test it for errors, vulnerabilities, license conformity, unexpected behavior, and of course bugs in the application.

Export and Distribute SBOMs Directly From Your Git Repositories

Guest Blog by Daniel Parmenvik – CEO of bytesafe.dev

For many, Software Bills of Materials (SBOMs) have changed from a manual list of assets for due diligence procedures to become an integral and automated part of software development. The ever-increasing appetite for open-source software translates into a need to keep track of software assets (or open-source dependencies) for all applications, at any given point in time.

Rezilion Partners With GitLab to Resolve DevSecOps Tension

In a key step to resolve the longstanding tension between developers and security teams, Rezilion and GitLab are partnering on an important integration to address those needs. This integration helps developers detect and remediate vulnerabilities early in development, without adding extra work and steps, and release products quickly and securely. Deployed in minutes, Rezilion’s DevSecOps platform is now natively integrated with GitLab CI.

RKVST Set Free

Today we make RKVST available for public use with a free access tier so you can discover what a Zero Trust Fabric can do for you. From tracking software supply chain lifecycles to nuclear waste, RKVST is a powerful tool that builds trust in multi-party processes, when it’s critical to have high assurance in data for confident decisions. But before going all the way you can start simple: tracking software releases and contents with SBOMs.