Veracode slaps ‘flaw flagger’ into developer toolchain

Veracode, a firm focused on application security and code quality, has named its latest product Greenlight. The product aims to move security testing earlier in the software development lifecycle, into the stage where code is being written rather than after it has been built and tested.

The firm argues that the short, cyclical nature of DevOps and "continuous" CI/CD environments forces developers to work at a rapid pace, and that under those conditions vulnerabilities are often found late in the software lifecycle, when they are more expensive to fix.

Citing NIST, Veracode says that fixing a vulnerability during the coding stage costs roughly a tenth of what it costs to fix the same vulnerability once it has reached the testing stage.

Veracode Greenlight identifies vulnerabilities and provides remediation advice for security defects inside the developer's integrated development environment (IDE), so that a flaw can be flagged and fixed while the code is still in front of the person who wrote it.

Development toolchain proximity

“In working with our customers it has become clear that application security testing must adapt to the continuous development cycle created by DevOps and CI/CD environments,” said Janet Worthington, product manager, Veracode. “By enabling developers to test early and often in the development lifecycle and integrating into the existing development toolchains, Greenlight supports developers to achieve their goals while simultaneously enabling organisations to adopt DevSecOps, making secure code one more dimension of quality code.”

Veracode Greenlight does not analyse code locally in the IDE: it submits the code to Veracode's full SaaS-based Static Analysis engine and returns the findings to the developer. Teams evaluating the product should therefore note that source code leaves the developer's machine for Veracode's cloud service as part of each scan.

The aim is for security and development teams to get applications through compliance checks faster than when development testing and security testing are run separately and produce disparate, unreconciled results.