CIO Influence
CIO Influence News IT and DevOps

GrammaTech CodeSonar Hybrid Cloud Deployment Model Accelerates Integration of SAST into DevSecOps Processes

GrammaTech CodeSonar Hybrid Cloud Deployment Model Accelerates Integration of SAST into DevSecOps Processes
New Version of Static Application Security Testing Solution Supports New Tools and Standards that Make it Easier to Develop Safe, Secure and Defect-Free Software

GrammaTech, a leading provider of application security testing products and software research services, announced a new version of its CodeSonar static application security testing (SAST) solution that can be deployed in both on-premises and hybrid cloud models to seamlessly integrate into existing DevSecOps pipelines and facilitate remote team collaboration. GrammaTech CodeSonar 7.0 also includes enhanced support for development tools from Microsoft, Jenkins and GitLab, and additional secure coding standards that enable organizations to further automate code testing and shift security left.

Latest ITechnology News: AudioCodes Is an Approved Partner for Microsoft Operator Connect Accelerator

According to Gartner, Inc. “DevSecOps offers a means of effectively integrating security into the development process, eliminating or reducing friction between security and development, and pragmatically achieving a secure, workable software development life cycle (SDLC). The goal is to enable development to move faster without compromising on security and compliance.”1

Seamless SAST integration for AppDev Pipelines
To provide greater deployment flexibility and efficiency for detecting and fixing errors in code, the CodeSonar Hub can now be hosted in a single-tenant AWS cloud instance to share CodeSonar capabilities and results across geographically distributed teams. This hybrid SaaS deployment model combines on-premises build environments with the CodeSonar Hub hosted on AWS, simplifying administrative tasks such as provisioning new users and instantly scaling up cloud resources to meet changes in code testing demand.

To further integrate SAST into existing environments and CI/CD pipelines, CodeSonar adds more support for key enterprise IT and development tools to accelerate DevSecOps adoption, including:

  • Simplifying CodeSonar user and role management with LDAP, Microsoft Active Directory and single sign on (SSO) services
  • Delivering CodeSonar warnings directly in Visual Studio 2022 to more efficiently find and fix issues while coding
  • Supporting concurrent builds in Jenkins to make results reporting easier and enable more SAST capabilities in the platform’s workflow
  • These integrations expand existing support for GitHub, GitLab, Eclipse, Jira and others.

“Application security testing can no longer be a standalone function that occurs outside of development pipelines due the cost and product delays of testing code after a build is complete,” said Vince Arneja, Chief Product Officer for GrammaTech. “CodeSonar provides advanced code testing and analysis capabilities that can be seamlessly integrated into any development environment including on-premises, hybrid cloud and remote team scenarios – allowing developers to find code defects earlier, efficiently fix them and accelerate the delivery of quality, safe and secure products.”

Latest ITechnology News: TiVo and TELEV8 Deliver Reimagined TV Experience for Hospitality and Visitor-based Venues

Automating Safety and Security
Supporting coding standards is essential for ensuring developers are continually meeting critical safety, security and industry specific standards as code moves through the SDLC. To help developers meet these standards, CodeSonar adds new rules mapping warning classes to CERT-C and CERT-C++ guidelines which reduces certification costs and increases software quality, safety and security. CodeSonar already supports MISRA/AUTOSAR, ISO 26262/IEC 61508, ISO/SAE 21434, IEC 62443, DO 178 B/C and CENELEC EN 50128. Meanwhile, CodeSonar OWASP, CWE, CERT, and DISA STIG reports accelerate certification efforts by identifying quality and security issues at the earliest stages of the development cycle, so they can be remediated as developers code.

With greater emphasis being placed on open source risk management, many organizations are starting to require a Software Bill of Materials (SBOM) from vendors before accepting a new software package into their development environment. GrammaTech now provides a CycloneDX SBOM for CodeSonar that delivers complete visibility into third-party and open source components it contains so customers can confidently and safely deploy GrammaTech’s SAST solution in their environments while meeting the SBOM requirements of the recent Presidential Cybersecurity Executive Order.

Latest ITechnology News: Medecision Joins Google Cloud Partner Advantage Program

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Sophos Launches New XGS Series of Desktop Firewalls and Updated Firewall Software

GlobeNewswire

SADA Prioritizes Cloud Data Security, Compliance and Operations Excellence in New Board of Director Appointments

CIO Influence News Desk

ITechnology Weekly Highlights : Top ITech News To Read

CIO Influence Staff Writer

Leave a Comment