CIO Influence

Accurics Unveils GitLab Static Analysis Integration To Contextualize Risk Across The SDLC

Integration supports misconfiguration and vulnerability correlation, reducing noise and empowering developers to fix riskiest threats first

Accurics, the cloud cyber resilience specialist, announced a technology partnership with GitLab, a single application for the DevOps lifecycle, as well as the general availability of its integration with GitLab’s Static Application Security Testing (SAST) solution. Accurics leverages the integration with GitLab to provide DevSecOps teams with a holistic, contextualized view of application and infrastructure risks. Organizations can now establish and programmatically enforce consistent risk management policies throughout the Software Development Lifecycle (SDLC) while minimizing the effort and expense of manual triage and investigation.

Accurics and GitLab partner to provide DevSecOps teams with a holistic, contextualized view of application and cloud infrastructure risks.

Cloud infrastructure and applications are traditionally deployed from two separate pipelines, which dissociates application security vulnerabilities from Infrastructure as Code (IaC) misconfigurations. As a result, developers are often left with a long list of vulnerabilities and misconfigurations to fix, without the context required to prioritize remediation of the ones that could actually be exploited.

“The most effective innovation is often incremental – for example, new capabilities and additional functionality accompanied by relevant security advances,” said Om Moolchandani, Co-founder, CTO & CISO at Accurics. “In this environment, we see diverse and largely unconnected vulnerabilities and misconfigurations, collectively producing a level of noise that makes identifying the most serious risks vital but difficult. The partnership with GitLab serves to add greater context to every layer of code and strengthens the security risk posture throughout the extended development lifecycle.”

The integration with GitLab helps Accurics users overcome these challenges by correlating IaC, cloud, and SAST vulnerabilities to generate a threat score and help mitigate risk throughout the SDLC. Policy guardrails established with Policy as Code can use this threat score to block the riskiest builds from being deployed into production, while providing insight into less risky problems that don’t warrant breaking the build. As a result, developers are able to focus resources on remediating the most immediate threats first.

“The growing adoption of GitOps practices and Infrastructure as Code necessitates scalable risk management tools,” said Nima Badiey, Vice President, Global Alliances at GitLab. “The integration between GitLab and Accurics will help customers to programmatically define infrastructure and risk management policies more effectively throughout the software development lifecycle.”
