The new Checkmarx GitHub action provides automated security scans within GitHub repositories.

According to the company, it integrates its application security testing solutions – Checkmarx SAST (CxSAST) and Checkmarx SCA (CxSCA) – directly with GitHub code scanning.

“Checkmarx and GitHub share a similar mission in that we’re both focused on helping developers strike a balance between software development speed and security,” said Robert Nilsson, vice president of product management for Checkmarx. “The key to this lies within the power of automation, which helps to simplify the implementation and process of security testing in today’s fast-paced DevOps environments. We’re excited to bring our best-in-class, automated SAST and SCA solutions to the GitHub community and are confident this will enhance developers’ experience and ability in finding and fixing code-borne vulnerabilities.”

Imperva to acquire jSonar
With jSonar, Imperva will be able to provide comprehensive security to support the entire data lifecycle.

This includes a blend of agent-based and agentless coverage for hundreds of different data stores and environments, both on-premises and in the cloud, strong UEBA coupled with a native SOAR containing thousands of integrations, data retention, intelligent reporting, and many more capabilities.

“Together we can help companies meet the demands of new use cases and platforms, providing ultimate flexibility for any customer: For existing Imperva and Guardium customers, for customers new to DAM solutions, for big enterprises and small startups, for cloud, on-premise, and hybrid, and for regulated and unregulated customers who just want to be safe and secure…in a way that is easy to use and provides real and immediate value,” said Ron Bennatan, the CTO of jSonar.

APIsec introduces automated, certified pen-test report for APIs
APIsec’s update to its API security platform allows enterprise security and compliance groups to obtain certified and compliant API penetration testing reports on-demand.

Enterprise security and compliance groups are mandated to perform periodic penetration testing of their applications as required by industry standards like SOC, HIPAA, PCI, NIST, GDPR, CCPA, and FedRAMP.

CircleCI introduces new Insights dashboard
The new Insights dashboard aims to offer engineering teams access to actionable data for optimizing pipelines and getting more out of CircleCI.

The dashboard allows users to see which jobs are failing, which workflows have failing tests, and to prioritize pipeline improvement.

It also shows which workflows or jobs are taking the longest and identifies opportunities where caching, parallelization, and CircleCI’s new convenience images can help speed things up.

Additional details are available here.

Weekly Apache updates
Last week at Apache saw the release of Apache Flink Stateful Functions 2.2.0, which introduces major features that extend the SDKs, such as support for asynchronous functions in the Python SDK, new persisted state constructs, and a new SDK that allows embedding StateFun functions within a Flink DataStream job.

The foundation said that the best mitigation against the CVE-2020-11979 and CVE-2020-1945 issues in the new Apache Ant 1.10.9 is to make Ant use a directory that is only readable and writable by the current user.

Additionally, this week saw the release of HBase 2.3.2, NiFi 1.12.1, Camel 3.4.4, and more. The full list of releases is available here.