Orca Security announced the industry's
first cloud security solution to provide context-aware Shift Left
Security for cloud infrastructure and applications. Orca Security helps
DevOps teams understand the potential impact of security issues on cloud
application production environments, and fix those issues earlier in
the software development lifecycle (SDLC), while also providing security
teams with automated remediation to prevent security issues from
progressing across the SDLC.
Orca's
new command-line interface, Orca CLI, lets developers and DevOps teams
scan locally hosted container images and IaC templates, view results
directly in their developer tools, and surface the findings within the
Orca platform. Orca CLI runs in any standard CI tool, such as GitHub
Actions, Jenkins, CircleCI, Bamboo, or Bitbucket, so developer and DevOps
workflows can include scanning for vulnerabilities, secrets, malware,
and compliance issues.
"Organizations
continue to adopt cloud-native architectures and want to ship their
applications as quickly as possible while ensuring they are secure in
production. Previously, organizations needed multiple tools to secure
each part of the application lifecycle which resulted in a lack of
shared context across each phase of development and runtime," said Avi
Shua, co-founder and CEO for Orca Security. "At Orca Security, we
believe that both DevOps and security teams deserve context-aware
security across the entire application lifecycle in a single platform -
by shifting security left into development and automatically remediating
risks in production."
Unifying Cloud Security Across the Full Application Lifecycle
Security
leaders are responsible for all aspects of security governance,
including ensuring that applications are fully tested and secured in
production. Orca Security delivers Shift Left Security capabilities
across the Build, Deploy, and Run phases of the software development
lifecycle to help companies detect critical risks and meet compliance
mandates:
- Build: Container
images and IaC templates are scanned for vulnerabilities and
misconfigurations on the developer desktop or as part of regular
continuous integration and continuous delivery (CI/CD) workflows. This
context-aware process considers both the current runtime environment and
the deployed code, which improves the accuracy of findings.
- Deploy: Registries
are continually monitored to ensure application artifacts are secure
before deployment, with guardrail policies in place to block insecure
deployments. Continuous monitoring also flags leaked secrets, for
example private keys found during a CI scan, which could otherwise allow
lateral movement within a cloud estate.
- Run: Production
environments are also monitored for risks, with contextual and
prioritized alerts; risks are remediated automatically, and findings
feed into modern ticketing and notification tools.
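The Build and Deploy phases above describe two checks a CI pipeline performs: scanning IaC templates and scripts for secrets (such as private keys) and misconfigurations, and a guardrail policy that blocks deployment when severe findings exist. The following Python script is an added, generic illustration of that pattern; it is not Orca's code and does not use Orca CLI. All rule names, the severity threshold, and the sample files (placeholder key material, Terraform-style snippets) are constructed for the example.

```python
"""
Minimal CI guardrail: scan IaC templates and scripts for leaked secrets
and common misconfigurations, then decide whether deployment may proceed.
Illustrative example only; not Orca's code or an Orca CLI wrapper.
"""
import re
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    severity: str  # "high" or "medium"


# Secret detectors: PEM private-key headers and AWS access key IDs.
PEM_PRIVATE_KEY = re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")
AWS_ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# IaC misconfiguration detectors (Terraform-style syntax, assumed for the example):
# an S3 bucket ACL granting public read, and an ingress rule open to the world.
PUBLIC_READ_ACL = re.compile(r'^\s*acl\s*=\s*"public-read(?:-write)?"')
WORLD_OPEN_CIDR = re.compile(r'cidr_blocks\s*=\s*\[\s*"0\.0\.0\.0/0"\s*\]')

# (rule name, pattern, severity); names are hypothetical.
RULES = [
    ("pem-private-key", PEM_PRIVATE_KEY, "high"),
    ("aws-access-key-id", AWS_ACCESS_KEY_ID, "high"),
    ("s3-public-read-acl", PUBLIC_READ_ACL, "high"),
    ("sg-open-to-world", WORLD_OPEN_CIDR, "medium"),
]

SEVERITY_RANK = {"medium": 1, "high": 2}


def scan_text(path, text):
    """Run every rule over each line of one file; return the findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern, severity in RULES:
            if pattern.search(line):
                findings.append(Finding(path, lineno, rule, severity))
    return findings


def scan_files(files):
    """files: mapping of path -> content (what a CI job would read from the checkout)."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


def guardrail(findings, block_at="high"):
    """Guardrail policy: return True (block deployment) if any finding is at or above block_at."""
    threshold = SEVERITY_RANK[block_at]
    return any(SEVERITY_RANK[f.severity] >= threshold for f in findings)


# Constructed sample inputs. The key ID is the AWS documentation placeholder and
# the PEM body is filler text; neither is a real credential.
SAMPLE_FILES = {
    "infra/s3.tf": '''resource "aws_s3_bucket" "assets" {
  bucket = "example-assets"
  acl    = "public-read"
}
''',
    "infra/sg.tf": '''resource "aws_security_group_rule" "ssh" {
  type        = "ingress"
  from_port   = 22
  to_port     = 22
  protocol    = "tcp"
  cidr_blocks = ["0.0.0.0/0"]
}
''',
    "scripts/deploy.sh": '''#!/bin/sh
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
cat > /tmp/id_rsa <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAplaceholder
-----END RSA PRIVATE KEY-----
EOF
''',
    "infra/clean.tf": '''resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  acl    = "private"
}
''',
}

if __name__ == "__main__":
    results = scan_files(SAMPLE_FILES)
    for f in results:
        print(f"{f.severity.upper():6} {f.path}:{f.line} {f.rule}")
    # A non-zero exit is what makes the CI stage fail and stops the deploy.
    sys.exit(1 if guardrail(results) else 0)
```

On the sample input the script reports four findings (the public-read ACL, the world-open SSH rule, the access key ID, and the private key) and exits non-zero because three of them are high severity; the clean template produces nothing. Lowering `block_at` to "medium" would also block on the open security group alone. A real scanner adds many more rules and entropy checks, but the shape stays the same: detect, rank, and gate the pipeline on the result.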