According to the manufacturer Veracode, the Continuous Software Security Platform combines the needs of security and development teams. […]
The new Continuous Software Security Platform from Veracode integrates application security seamlessly into the software development lifecycle (SDLC), the manufacturer promises. The platform streamlines workflows by bringing the development and security teams together. As a result, it provides a comprehensive overview of risks, remedial measures and current progress at every stage of the development process.
According to a study by Veracode, the average scanning frequency has increased 20-fold in the last ten years, with most applications now being scanned three times a week. Ten years ago, by contrast, they were scanned three times a year. In addition, the study shows a 31 percent increase among companies that use multiple scan types.
The Veracode Continuous Software Security Platform offers the following functions, among others:
- Single-pane-of-glass reporting: Security teams can now access unified reports for static analysis, dynamic analysis, software composition analysis and manual penetration testing directly in the portal. Administrators and developers get an overview of the security risks and can use more meaningful license management reports to apply flexible policy controls and fix problems quickly.
- Self-service peer benchmarking: With comprehensive data and anonymized insights from all platform users, customers now have direct access in the portal to reports with which they can easily compare the results of their DevSecOps programs with those of other companies in their industry. Based on historical data and many years of knowledge, customers can see how their program key figures compare and create plans to eliminate their risks.
- Software Bill of Materials (SBOM): Security teams can generate and export SBOMs on demand with an integrated REST API. This returns data for a specific application in CycloneDX SBOM format – a standard developed for use in application security contexts and for the analysis of supply chain components. In addition, the data from the API can also be processed and converted outside the Veracode platform.
- Intelligent remediation: The Continuous Software Security Platform uses the technology acquired from Jaroona to identify and fix vulnerabilities in the software using machine learning.
*Bernhard Lauer is, among other things, a freelance editor of dotnetpro and manages the Basic Instinct section here, for example. He has been programming privately with Visual Basic since version 1.0.