Recently, Amazon announced new features being added to Amazon CodeGuru Reviewer, a developer tool that works to detect security vulnerabilities in code and provides intelligent recommendations to improve code quality.

These updates include: 

  • A new Detector Library that describes the detectors that CodeGuru Reviewer uses when looking for possible defects and includes code samples for Java and Python
  • New security detectors that work to detect log-injection flaws in Java and Python code 

These new features are available today in all AWS Regions where Amazon CodeGuru is offered. For more information, visit here

JFrog Xray updates 

DevOps company JFrog today introduced contextual analysis security capabilities in JFrog Xray, the company’s DevSecOps solution. These new features enable users to more precisely determine the threat level and relevance of common vulnerability exposures (CVEs).

The goal of this update is to create more rapid and accurately-prioritized remediation of security vulnerabilities. This provides for a holistic, automated, and scalable solution geared at finding, replacing, recovering, and prioritizing hazardous CVEs. 

“With so many vulnerabilities these days, customers need solutions that help them focus on what actually needs protection. By providing binary-level detection of each vulnerability, Xray’s contextual analysis helps developers and security teams make more informed decisions about a particular vulnerability’s impact so they can confidently and quickly execute remediation plans, while reducing overhead,” said Nati Davidi, SVP of JFrog Security. 

Sysdig and Snyk announce partnership

The unified container and cloud security company, Sysdig, and the developer security company, Snyk, today announced the integration of Sysdig Secure with Snyk Container. This combination works to cover container security from development through operations. 

According to internal testing, this allows for the elimination of 95% of vulnerability alerts using runtime intelligence from Sysdig Secure with Snyk Container. 

“For too long, developers have been tasked with the impossible: fighting the unrelenting vulnerability noise that compromises both their speed as well as their company’s overall security. Together with Sysdig, we’re now empowering millions more developers worldwide to innovate securely. We’re excited for what’s ahead as together we advance the global DevSecOps movement in 2022 and beyond,” said Peter McKay, chief executive officer at Snyk.