Contrast Security announced its partnership with GitHub and the availability of its suite of GitHub Actions, simplifying the process for developers to ensure the code they build is free of security vulnerabilities.
Implementing DevSecOps transformation across software delivery pipelines is complex and takes developers out of their existing CI/CD processes. According to the Gartner report Survey Analysis: Enabling Cloud-Native DevSecOps, “40% of organisations have difficulty integrating new processes and security toolsets with their existing legacy ones.”
“The addition of Contrast’s GitHub Actions to the GitHub Marketplace makes it much easier for development, security, and platform operations teams to drive DevSecOps transformation with automation at scale,” said Nikesh Shah, Sr. Director, Strategic Alliances at Contrast Security. “By shifting security automation left within native CI/CD tooling, developers can now embed security within delivery pipelines as their code makes its way from build to test, and through production.”
Now available for deployment, Contrast said its four GitHub Actions – scan analyse, assess for Azure Spring Cloud, assess for Azure Kubernetes Service, and assess for Amazon Elastic Kubernetes Service – embed security into existing developer value streams with each commit, pull request, test, and deployment.
Contrast Scan Analyse is said to provide automated static code analysis within native CI pipelines, without ever leaving the GitHub environment, while prioritising exploitable vulnerabilities and weeding out noise for scan times that are faster than competing static application security testing (SAST) tools.
Contrast’s GitHub Actions are currently available with support for Java applications, and additional language support is in development, including new GitHub Actions for .NET and JavaScript applications.