OpsMx’ Deployment Firewall moves security into CI/CD pipeline

OpsMx has unveiled a new approach to application security with the launch of its Deployment Firewall. This firewall integrates into CI/CD pipelines and enforces application security policies when applications are deployed, blocking releases if there is a vulnerability or security issue. 

According to OpsMx, recent application security efforts across the industry have been focusing on the application development process. While the company acknowledges this is an important part of application security, it can be difficult to then enforce security policies because responsibilities are spread between distributed development teams with differing toolsets and operating models. 

“A deployment firewall gives organizations a simpler, more effective way to enforce their own software delivery process,” said Gopal Dommety, CEO and founder of OpsMx. “Organizations know what they need to do for application security and release compliance, but are too often stuck with siloed data and scattered teams operating on an honor system. The deployment firewall combines rich data sets and good intentions to make security policies actionable.”

With the release of Deployment Firewall, companies now have a firewall that can evaluate applications against a range of policies and block its release if it doesn’t meet all the requirements. Qualifications it uses to determine if a release should go through include manifest files, vulnerability scans, artifact integrity, infrastructure readiness, release quality and performance, and operational controls. 

OpsMx provides a set of firewall rules, and these can be extended or customized by customers.

These rules can also be used to check compliance with popular frameworks, including NIST 800, PCI, and HIPAA. 

The tool also provides the option to simulate deployments before they are ready to be deployed, which allows applications to be checked for compliance ahead of time. 

Deployment Firewall is a part of the OpsMx Deploy Shield product, and can be added to existing Jenkins, Argo, and Spinnaker implementations. The company also plans to add support for GitHub Actions and GitLab in the future.