One Article Review

Home - The article:
Source Veracode
Identifier 2103311
Publication date 2020-10-05 11:42:27 (viewed: 2020-12-15 21:05:43)
Title Veracode Makes DevSecOps a Seamless Experience With GitHub Code Scanning
Text Developers face a bevy of roadblocks in their race to meet tight deadlines, which means they often pull from risky open source libraries and prioritize security flaws on the fly. In a recent ESG survey report, Modern Application Development Security, we saw that 54% of organizations push vulnerable code just to meet critical deadlines, and while they plan for remediation on a later release, lingering flaws only add to risky security debt. With speed a critical factor in what makes or breaks the success of your application deployments, that means the health of your code - and your security - is on the line.

GitHub Actions are an intuitive way to solve the need for speed without sacrificing quality, helping your developers stay on schedule by enabling them to build, test, and deploy code directly from GitHub. And with over 50 million developers on GitHub, plus more than 200,000 automated fixes merged into GitHub repositories since May of 2019, it's clear that GitHub is a hotspot for developers. When paired with the right application security (AppSec) scan types and SaaS-based approaches, this integration makes GitHub Actions an invaluable part of your development team's workflow.

That's why we're excited to announce our new GitHub Action to help streamline your AppSec workflow for the developers on your team. The action is directly embedded within the native GitHub code scanning user interface, ensuring your DevSecOps practices are seamless, efficient, and effective. By making Veracode's AppSec tools accessible in a familiar interface like GitHub, developers on your team can jump right into secure coding with critical testing and analysis that won't halt projects or slow production down.

The Veracode solution to enhanced workflows

Developers can perform Veracode's Static Policy Scan or Pipeline Scan and see the results of that scan within the GitHub Security tab. The ability to invoke Veracode's Static Analysis (SAST) scans from within their own GitHub projects significantly expands the testing capability for developers leveraging GitHub workflows, and allows them to build security into their DevOps processes to scale development across their team. That's less downtime and fewer bottlenecks for faster innovation. With such a high frequency of commits flowing through GitHub (more than 2,000 direct contributors made commit contributions to TensorFlow alone in 2019), Veracode's multi-scan and SaaS-based solutions mean that our customers have a leg-up when it comes to harnessing GitHub Actions for speed and efficiency.

This functionality comes as part of the GitHub code scanning launch, with our GitHub Action available in the GitHub Marketplace. "Veracode is a leader in application security and truly understands the importance of shifting left in the development lifecycle to enable teams to find and fix flaws at scale," says John Leon, VP of Business Development at GitHub. "With software development moving at breakneck speed, this new GitHub Action further enables our joint customers to develop secure software, without compromising speed or quality - all within a familiar interface."
Sent Yes
Tags Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.