Veracode, Inc. today announced enhancements to its cloud-based application risk management platform that make it even easier to embed security verification processes into the software product development lifecycle. With improved automation and expanded APIs, development teams can maximize the benefits of powerful static and dynamic cloud-based security testing in an on-premises development environment while improving productivity, application security quality and policy compliance.
Developers who work in rapid build and test cycles, including Agile and continuous integration teams, can now benefit from an advanced Veracode platform Upload API that supports a fully scripted build server integration and fully automated security verification for entire software portfolios. This means the Veracode platform can now automate all the necessary security verification steps, from uploading applications and specifying status to creating application profiles and submitting the application for a scan. With specific line-of-code vulnerability identification and remediation instructions, the results may be integrated directly into defect tracking systems without negatively impacting the development cycle. Additional benefits include:
• Timeliness of Alerts: With more rapid results, developers can identify flaws early in the development cycle before they become production issues.
• Decrease Time to Fix: By identifying flaws immediately after checking the application into the build server, developers are able to fix problems more efficiently.
• Improved Policy Compliance: Results are not only delivered quickly, but also through the lens of the company’s security policy; this means development teams receive a severity-based list to prioritize their efforts.
“There has been strong momentum among our customers who are taking advantage of our expanded APIs to capitalize on the rapid security verification benefits that can be achieved through greater automation,” said Jon Stevenson, senior vice president of product strategy, Veracode. “By making security testing a seamless, completely integrated part of the software development cycle, teams don’t have to slow down or extend cycles to build in security; it becomes an integral component that is flexible and scalable.”
Veracode added a number of expanded APIs and reference integrations, including an open source Jenkins plug-in for integrated static testing in continuous integration SDLCs, and SAML integration support. These integration capabilities create greater flexibility for developers across a number of software specialties, including those in the identity management space working to advance Single Sign-On (SSO) solutions. Veracode provides existing support for security testing in Java, .NET, C/C++, ColdFusion, PHP and mobile development environments including RIM’s BlackBerry operating system (OS), Windows Mobile, Google’s Android OS and Apple iOS.