The Complete Magazine on Open Source

Ola releases open source Jackhammer to detect app vulnerabilities


After years of primarily serving riders with its cab aggregation platform in India, Ola has entered the open source world and launched Jackhammer, a comprehensive vulnerability analysis and management tool. The tool is designed to find security vulnerabilities in apps.

Ola believes that Jackhammer helps security teams manage the complex continuous integration and multiple deployments required for secure product development. Based on the OWASP pipeline project, the solution has a customised dashboard that gives a consolidated set of vulnerable applications to let organisations identify major vulnerabilities.

“As a homegrown technology company, we realise the importance of building a security infrastructure that will help efficiently address vulnerabilities that may exist in product application, and there was a serious need for such a tool in the development/security community,” said Shadab Siddiqui, head of security engineering, Ola.

Using the power of open source through Jackhammer, Ola is bringing the security team closer to developers and QA specialists. The presence of the OWASP pipeline enables the solution to run multiple open source and commercial tools alongside the existing code, web and mobile apps, WordPress and networks.

Delivers required privileges

Jackhammer uses complete role-based access control (RBAC) to give individuals the privileges they require. There is also a built-in vulnerability management capability that is integrated with the ticketing system to give organisations an overview of their security deployments.

Moreover, Ola is partnering with product companies to expand its community solution.

“We have already reached out to a few of the leading product companies with Jackhammer, and they are excited about the prospect of benefitting from our application,” Siddiqui said.

Developers can monitor their code using a unified interface. The solution can also schedule scans at set intervals such as daily, weekly and monthly. Further, vulnerabilities are scanned asynchronously via Sidekiq, a Ruby-centric background processing framework.

You can access the Jackhammer code directly from its GitHub repository. Ola is also providing an installation guide to let you install it using Docker Compose.