GitLab announced two acquisitions this week focused on providing security to its platform.
Peach Tech is a security firm that specializes in protocol fuzz testing and dynamic application security testing, and Fuzzit is a continuous fuzz testing solution.
“Bringing the fuzzing technologies of Peach Tech and Fuzzit into GitLab’s security solutions will give our users an even more robust and thorough application security testing experience while enabling them to shift security left,” said Sid Sijbrandij, CEO of GitLab. “This simultaneously simplifies their workflows and creates collaboration between development, security, and operations teams.”
Through fuzz testing, also referred to as fuzzing, developers can provide bad inputs to a program to find bugs, crashes, and faults that could be exploited. With the addition of coverage-guided and behavioral fuzz testing into the DevSecOps toolchain, organizations can find vulnerabilities and weaknesses that traditional QA testing techniques often miss, according to GitLab.
Once the technologies are fully-integrated, GitLab Secure customers will no longer need to depend on standalone fuzz testing solutions to meet their application security testing needs.
Users will have access to Auto DevOps deployment of security testing to vulnerability management and remediation all within the GitLab platform.
The security stage of the application process is woven into the DevOps cycle, which allows teams to adapt their security testing processes to their developers rather than the other way around, GitLab explained.
GitLab added that it plans to accelerate its roadmap for interactive application security testing by extending Peach Tech’s DAST API security engine and Fuzzit’s crash correlation technology.
“Providing GitLab users with the best security testing tools is key to GitLab’s DevSecOps core mission,” said Michael Eddington, the founder and CEO of Peach Tech. “The integration of Peach Tech’s technologies expands GitLab’s shift security left capabilities making the future of security and DevSecOps a reality today for all GitLab users.”
Additional details on the new integrations are available here.