Parasoft announces the opening of its new office in Northeast Ohio.
Harness announced the general availability of Harness Security Testing Orchestration (STO).
The Harness STO module helps organizations deliver business value to their customers more quickly by increasing release velocity and security in deployments, reducing risk and bringing security to all aspects of the software delivery lifecycle (SDLC). Harness STO eases developer workload by automating security scanning and governance in software delivery.
The Harness STO module is fully integrated into the Harness Software Delivery Platform and is purpose-built to enable engineering and DevSecOps teams to deliver secure applications at high velocity. By automating the scanning, analysis, and prioritization that otherwise slows down the engineering team, Harness STO makes it possible to create and enforce application security policies for a single service or across the whole organization. Orchestrating application security scanners across software delivery and processing the output of the scanners to make it easy for engineers to remediate allows for both high application security and high delivery velocity. Harness STO integrates with leading open source and commercial security scanners and can be used with Harness CI/CD or other CI/CD tooling.
Harness STO eliminates the time consuming manual process of reviewing, synthesizing and acting on the volume of disparate data from multiple scanners. Harness STO normalizes, dedupes and correlates the security scanner data and provides a single dashboard with a prioritized list of actionable results to remediate potential code vulnerabilities. Additionally, Harness STO empowers teams to customize governance configuration and establish consistent policies and procedures using policy as code and the Open Policy Agent (OPA).
"As more organizations adopt a cloud-native approach, they must take steps to secure their SDLC. With Harness STO, entire organizations can embrace the DevSecOps approach without requiring developers to become security experts or slowing down deployments. Harness STO makes security a team sport by infusing security into all aspects of the SDLC," said Jyoti Bansal, CEO and founder of Harness.
Harness STO is generally available today and works seamlessly with Harness CI and CD as part of the Harness Software Delivery Platform or is available as a SaaS, on-prem or hybrid offering.
Industry News
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
Nokod Security announced the general availability of the Nokod Security Platform.
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.