StackHawk announced GitHub Pull Request
Checks, a new feature expanding its GitHub Marketplace App to include pull
request comments, commit statuses and scan tagging capabilities. Pull requests
are at the heart of the development workflow, with over 83 million developers
relying on GitHub pull requests to introduce new code, complete code reviews
and review automated test results. Receiving feedback on security testing
within these requests is a natural extension of this workflow. StackHawk's
GitHub Pull Request Checks incorporates security scan results into pull request
comments, so developers can review findings in real time and jump straight to
the StackHawk interface to triage or remediate a vulnerability when needed.
The new functionality also enables security and
development teams to work more efficiently by linking StackHawk scans to the
relevant GitHub branch and commits. Security and DevSec teams can use these
details to pinpoint when and where a vulnerability was introduced while
collaborating with developers on complex fixes.
"In today's world, where applications and APIs
are the number one attack vectors, giving developers the tools to fix
vulnerabilities before an issue hits production is critical for all
organizations," said Joni Klippert, StackHawk co-founder and CEO. "StackHawk
was built to put application and API security in the hands of developers, and
while we've been the leader of developer-centric tooling in DAST, the next step
forward is enabling developers to work on security issues within their normal
environment and existing workflows. Integrating with GitHub repositories to
deliver DAST results where developers are already monitoring code feedback and
other software test results gets us even closer to completing our vision."
Without a developer-first approach, traditional
security cannot keep pace with the current speed of software development, as
teams are expected to build and deploy new code daily or more frequently.
Automating security feedback on every pull request and fixing vulnerabilities
before production makes securing code part of the continuous development
workflow, aligning security testing with other automated testing processes that
are completed before deploying software.
The StackHawk GitHub App is
now available in the GitHub Marketplace.