CIO Influence
CIO Influence News Security

Orca Security Adds Source Code Posture Management for Full Cloud Lifecycle Visibility

Orca Security Adds Source Code Posture Management for Full Cloud Lifecycle Visibility

Integration with GitHub and GitLab Delivers Comprehensive Security Coverage for Source Code Management (SCM) Platforms

Orca Security, the pioneer of agentless-first cloud security, announced new source code posture management capabilities, adding full visibility into source code management (SCM) platforms to the Orca Cloud Security Platform. With integrations for popular SCM tools GitHub and GitLab, Orca is expanding its cloud security footprint, providing end-to-end coverage from source code platforms to the cloud and defending against cloud native risks for the entire development lifecycle.

Also Read: Akamai Completes Acquisition of API Security Company Noname

“Orca understands that cloud security does not begin and end in the cloud. We protect our customers throughout the entire cloud journey”

“Orca understands that cloud security does not begin and end in the cloud. We protect our customers throughout the entire cloud journey,” said Gil Geron, CEO & Co-Founder, Orca Security. “Organizations today move extremely fast during code development. While DevSecOps initiatives have helped them address code vulnerabilities, they can easily overlook the source code management platform itself, which is every bit as risky to the business. With Orca’s new source code posture management capabilities, we are once again expanding our Shift Left Security capabilities, enabling organizations to manage their security journey from code to cloud via a single platform.”

Source code management tools are popular in the development community, providing a single, simple platform to collaborate, manage, track changes and store source code. However, any repository that houses source code represents a significant risk to the business when not properly configured and secured. DevSecOps and many App Sec initiatives do not adequately address this risk as they are often solely concerned with code security and not the configurations of SCM accounts or repositories.

While GitHub, GitLab, and other SCMs do offer robust security features, 62% of organizations have severe vulnerabilities in their source code repositories, while 70% have unencrypted secrets, according to Orca’s 2024 State of the Cloud Security Report. Most security teams are unaware of these native security features and lack visibility into or control over development environments, allowing vulnerabilities and security risks to compound. This leaves organizations unable to protect the infrastructure that they depend on to ship new applications to the cloud.

Also Read: New Cloudflare Report Shows Organizations Struggle with Outdated Security Approaches, While Online Threats Increase

With new capabilities for SCM, Orca is addressing a critical blind spot for security teams, enabling them to detect security risks and remediate misconfigurations across their GitHub and GitLab accounts and repositories. Using its patented SideScanning™ technology, Orca scans all GitHub and GitLab assets and identifies risk hotspots, enabling organizations to centrally manage and enhance the security of their SCM platforms without the need for additional tooling.

Key features of the new release include:

  • Repository inventory: Orca’s GitHub App and GitLab App automatically discover all repositories, including new additions, and deliver a detailed repository inventory.
  • Beyond code security: Orca intelligently leverages best practices from reputable third-parties (e.g. Open Source Security Foundation (OSSF), Legitify) identifying misconfigurations, security risks, and deviations from best practices within the SCM.
  • Dynamic and context-aware alerts: Orca dynamically assesses risk, combatting alert fatigue by prioritizing alerts based on risk severity, exploitability, business impact, and interconnected risks that may endanger high-value assets or lead to significant security incidents.
  • Extended repository insight: Orca enriches the understanding of repositories’ significance and purpose by gathering metadata from GitHub and GitLab, contextualizing all data sources to facilitate comprehensive security insights.
  • Remediation and workflow integration: Orca delivers comprehensive remediation instructions for every alert, accelerating response times for both security and development teams and streamlining workflows.
Also Read: SaaS Alerts Enables MSPs to Identify and Automatically Remediate Google Workspace Security Incidents

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]

Related posts

Interlock Launches ThreatSlayer Web3 Security Extension and Incentivized Crowdsourced Internet Security Community

GlobeNewswire

Flexera Upgrades Industry’s Most Powerful SaaS Management Solution for Cost Visibility and Control

CIO Influence News Desk

Tenable Improves Shift-Left Cloud Security to Prevent Vulnerable Containers From Reaching Runtime

GlobeNewswire