The short and cyclical nature of DevOps and CI/CD development environments requires developers to maintain a rapid pace of innovation in order to drive business growth. Finding vulnerabilities late in the software lifecycle disrupts this process by slowing down production and release cycles and increasing development costs. According to NIST, fixing vulnerabilities in the coding stage provides a 10x cost savings versus fixing vulnerabilities in the testing stage.
Veracode Greenlight identifies vulnerabilities and provides advice for fixing security defects within the developers’ integrated development environment (IDE). By integrating into existing IDEs, security is embedded directly into the development process so developers can remediate defects at the point with the lowest cost and least amount of disruption. This provides the speed and agility DevOps and CI/CD environments require and helps developers meet both security and functional requirements for their code.
“In working with our customers it has become clear that application security testing must adapt to the continuous development cycle created by DevOps and CI/CD environments,” said Janet Worthington, Product Manager, Veracode. “By enabling developers to test early and often in the development lifecycle and integrating into the existing development toolchains, Greenlight supports developers to achieve their goals while simultaneously enabling organizations to adopt DevSecOps, making secure code one more dimension of quality code.”
Veracode Greenlight scans code through the full SaaS-based Veracode Static Analysis engine to provide a highly available and scalable solution that delivers high accuracy and a low false positive rate. Customers will benefit from a cutting-edge technology, strengthened by more than 10 years of application security expertise. Combined with the Veracode Static Analysis Solution, Veracode Greenlight ensures consistent results for security and development teams, enabling applications to pass compliance much faster than if development and security tests were conducted separately and with disparate results.
“Application security is a problem affecting the entire software development lifecycle, not just the quality assurance phase or the development phase,” said Scott Crawford, Research Director for Information Security with 451 Research. “Using Veracode Greenlight to find and fix vulnerabilities early in the development process combined with Veracode’s Static Analysis solution supports an end-to-end approach with technologies that help ensure security with speed and usability for both development and security teams.”
For more information about Veracode Greenlight visit: https://www.veracode.com/products/greenlight