2024-07-23

Security leaders and software developers will benefit from deeper visibility into their organisations’ software development security posture as they work, bolstering moves towards the nirvana of so-called secure-by-design code, with the introduction of an industry-first solution from sector specialist Secure Code Warrior (SCW).

SCW Trust Agent comes hot on the heels of the introduction of SCW Trust Score, an industry benchmark that quantifies – for the first time – the security competence of software developers within organisations.

Trust Agent uses the same dataset of millions of learning points collected from hundreds of thousands of developers to help users understand whether code being committed to public open source Git-based repositories is fit to ship, or whether it could become a risk down the line. SCW hopes the solution will become an integral part of the secure software development lifecycle.

“At Secure Code Warrior, we are unlocking new value for CISOs by giving them an easy-to-deploy solution to measure the health of code commits and visibility into the hundreds of source code repositories in their organisation,” said Pieter Danhieux, the firm’s co-founder and CEO.

“Our innovations are putting organisations in a better position to bridge the visibility gap between a developer’s skillsets and quality of code produced without sacrificing development velocity.”

Trust Agent will work with any Git-based repo, including GitHub, GitLab, Atlassian Bitbucket and others. It works by examining committed code to see if the uploader is flagged as having the prescribed secure code skillset in that commit’s programming language, and uses that information to rate the health of the commit. These proprietary ratings can then be aggregated across other repos.

SCW believes Trust Agent will offer greater control and flexibility when it comes to developer gatekeeping. For example, it will allow administrators to set up policies and criteria to make sure developers meet a baseline set of expectations before work begins, while for any skills gaps identified through its use, the firm’s agile learning platform can be pushed into play.

Overall, it said, the solution will deliver improved security controls, with policy configurations customisable based on the sensitivity of the project’s needs; comprehensive visibility, including actionable insight into the security posture of code commits; and developer-led security at scale, enabling projects to be delivered quicker and safer, with application security teams freed to focus on the most sensitive reviews.