Code Dx, a provider of a robust suite of fast and affordable tools that help software developers and security analysts find, prioritize and visualize software vulnerabilities, today announced the release of version 1.6 of its innovative software assurance solution, Code Dx. The robust software tool now offers seamless integration with Visual Studio and Eclipse, as well as Git and Jenkins, enabling developers to more efficiently and effectively identify, report and fix weaknesses throughout the software development lifecycle.
The number of U.S. data breaches reached a record high in 2014 according to the Identity Theft Resource Center, increasing 27.5 percent over breaches reported in 2013. Industry experts and the Department of Homeland Security (DHS) have traced most compromises to poorly written software. By leveraging Static Application Security Testing (SAST) tools, vulnerabilities can be identified during the development cycle and as part of the acquisition process.
“Code Dx helps eliminate weaknesses in software before hackers have a chance to exploit them. Developers can simply feed their source code into Code Dx anytime during the software development lifecycle and Code Dx automatically selects and runs the appropriate open-source SAST tools for each language in the software code base,” said Anita D’Amico, Ph.D., director of Secure Decisions, the company that developed Code Dx. “The primary focus of our development team for version 1.6 was integration. By providing seamless integration with popular development tools, Code Dx enables a more streamlined process to continually include security in the software development lifecycle.”
Code Dx Version 1.6 now integrates with the following four development tools:
- Visual Studio and Eclipse – Providing plugins for these two popular Integrated Development Environments (IDEs), Code Dx eliminates a major step for developers during the testing process, resulting in significant time savings and increased effectiveness. Developers can now remain in the Visual Studio or Eclipse environment to find bugs and then fix them, eliminating the need to go back and forth between the Code Dx web interface and IDE. They can also double click on anything in the report and see the relevant source so that an issue can be fixed right then and there.
- Git – Through seamless integration with Git, the most widely adopted version control system for software developers, Code Dx users now just need to configure it once and point Code Dx directly to their source code repository and Code Dx will then automatically fetch the source and run it through the scanners. This saves users from having to package up their source code each time, push it to Code Dx and scan it.
- Jenkins – Tightly integrated with this popular continuous integration server for Java environments, the Code Dx plugin can sit on the same project — as Jenkins processes the code and finds any errors, it can then pass artifacts over to Code Dx to be scanned for vulnerabilities.
Availability
Code Dx is a low cost and practical first step towards establishing a software assurance program within an organization or enhancing an existing software assurance program. Code Dx Standard Edition Version 1.6 and Code Dx Enterprise Edition Version 1.6 are available worldwide.