Veracode launched Dynamic Duo: DAST Essentials and Veracode GitHub App
November 2023 by Marc Jacob
Veracode announced product innovations to enhance the developer experience. The new features integrate security into the software development lifecycle (SDLC) and drive adoption of application security techniques in the environments where developers work.
According to a recent study by analyst firm IDC, 84 percent of organisations say developer acceptance of security tooling is the “most important requirement” or a “very important requirement” for DevSecOps adoption.¹ Veracode’s latest innovations redefine the approach to securing cloud-native applications throughout the SDLC, reinforcing the company’s commitment to providing a unified platform for comprehensive security risk management.
“Veracode addresses this challenge by providing a unified platform that not only monitors and mitigates risk but also streamlines developer workflows across repositories, IDEs, and the cloud. By delivering developer-friendly security tools, we empower organisations to deliver secure software faster, eliminating the need to compromise between security and speed.”
The Next Frontier: DAST Essentials
In a world where web applications account for 60 percent of breaches² and API attacks skyrocketed by 137 percent in 2022,³ ensuring cloud-native applications are sufficiently protected and continuously monitored is paramount. Dynamic scanning analyses live runtime systems using real-world attack methods in a safe environment and can be performed in a pre-production environment—within the SDLC. Traditional point solutions fall short and often don’t offer the scalability and flexibility required by growing organisations. In contrast, Veracode’s DAST Essentials is an agile solution that empowers developers and security teams to address risk easily at speed and scale.
"As organisations continue to grapple with the challenge of securing an ever-expanding attack surface, the need for comprehensive solutions is undeniable. Balancing speed of development with robust security is a daunting task, hindered by the time-consuming nature of regular dynamic scans and the disconnect between development and security teams," said Katie Norton, senior research analyst, DevOps and DevSecOps, at IDC. "Solutions, like Veracode DAST Essentials, that are integrated and reduce friction for developers can help to accelerate secure software development, unify remediation efforts, and empower organisations to strengthen their defences in the evolving cybersecurity landscape.”
With one of the lowest customer-reported false-positive rates (below five percent), Veracode DAST Essentials scans and tests multiple web applications and APIs (Application Programming Interfaces) simultaneously. Veracode’s State of Software Security research found that 80 percent of web applications have critical vulnerabilities that can only be identified through dynamic scanning. This emphasises the critical role DAST (Dynamic Application Security Testing) plays in a robust application security program, ensuring organisations can address exploitable vulnerabilities in cloud-native software accurately and swiftly.
Supply chain solutions specialist Manhattan Associates chose to partner with Veracode on its dynamic analysis and cloud-native security program. Rob Thomas, Executive Vice President, Research & Development and Cloud Operations at Manhattan Associates, said, “Veracode’s tenure in the industry and the fact that they are cloud-based means they can continually deliver new innovation. Having a cloud-native partner like Veracode enables us to scan our software continuously so we have real-time confidence that our solution is as safe as possible.”
Enhancing Developer Workflows: Veracode GitHub App
Veracode understands the challenges developers face in adopting cloud-native security measures without disrupting their workflows. The Veracode GitHub App facilitates developer adoption, allowing application security teams to configure once and seamlessly onboard developers. This integration enables developers to fix code quickly in the environments where they work, using a single tool for static analysis, software composition analysis (SCA), and container security scanning. The result is a faster, frictionless development process that doesn’t compromise security.
Enhanced Repo Scanning
Scanning cloud-native applications for the first time is often a manual, complex and frustrating process. The Veracode GitHub App simplifies this by providing developers with frustration-free scan results in their preferred environment. DevOps teams can easily onboard repositories without manual setup, maintaining development velocity and streamlining scan processes. With the ability to standardise scan configurations across hundreds of repositories using a single click, DevOps teams can reduce friction and integrate cloud-native security much earlier in the development cycle.