Veracode, the largest global provider of application security testing (AST), has announced a new GitHub Action to provide developers with an easy and familiar way to ensure that the code they are writing is secure - as they write it. The action enables developers to perform Veracode's Static Policy Scan workflow, initiate a pipeline scan, and consume pipeline scan results all within GitHub's code scanning UI.

GitHub Actions CI/CD helps developers improve time to market by allowing them to build, test and deploy code directly from within GitHub. Developers can invoke Veracode's Static Analysis (SAST) scans from GitHub Actions, significantly expanding the security testing capabilities for developers leveraging GitHub workflows, and allowing them to build security directly into their DevOps processes and scale development across the team.

John Leon, VP of Business Development at GitHub, said, "Veracode understands the importance of shifting left in the development lifecycle to enable teams to find and fix flaws at scale. With software development moving at breakneck speed, this new GitHub Action further enables our joint customers to develop secure software, without compromising speed or quality - all within a familiar interface."

Veracode's Static Analysis solution enables DevSecOps by providing fast, automated and actionable security feedback to developers in their pipeline - when they compile their code or when they check in their code - and conducting a full policy scan before deployment. With the new GitHub Action, developers can control Veracode scans as they write code within the GitHub environment and get clear guidance on how to remediate issues. Scan results are converted into GitHub code scanning alerts. When code is ready for deployment, developers can conduct the Veracode Policy Scan for a full assessment of the code, with an audit trail for compliance that can be previewed before triggering alerts. Veracode results have high accuracy without manual tuning as a result of the intelligence of Veracode's SaaS platform, which has scanned more than 21 trillion lines of code to date.

Ian McLeod, Chief Product Officer at Veracode, said, "Secure development at scale is only possible if developers assume ownership of ensuring that the code they are writing is secure from the start. It's therefore critical that we provide tools and integrations that simplify the job for the developer and make the capabilities available in the tools they use every day. Our new GitHub Action provides a seamless experience that saves developers time, while giving them the confidence that the code they're writing is secure."

Veracode tools are available as GitHub Actions in the GitHub Marketplace.