Pegasystems announced the general availability of Pega Infinity ’24.1™.
Secure Code Warrior announced support for GitHub’s new code scanning functionality in conjunction with a new collaboration with Snyk.
Secure Code Warrior has built a GitHub Action that brings contextual learning to GitHub code scanning. The new GitHub Action processes the new industry-standard SARIF file and appends Secure Code Warrior contextual learning based upon CWE references in a SARIF rule object. This means developers can use a third-party action like the Snyk Container Action to find vulnerabilities, and then augment the output with hyper-relevant learning.
“Secure Code Warrior’s vision is to empower developers with the skills and knowledge to prevent code vulnerabilities in the first place. This new GitHub Action adds our secure code training to industry-standard SARIF files within a GitHub Workflow - delivering developer-centric contextual learning when needed most, ultimately making it easier for developers to release quality code faster.” said Matias Madou, CTO and co-founder, Secure Code Warrior. “We feel that the more context developers have for the vulnerabilities being flagged, the more they’re able to understand the risks, prioritize fixing the most pressing issues, and ultimately prevent them in the first place.”
Secure Code Warrior is positioned to support the new SARIF standard and integrate with other third-party scanning tools inside the Github code scanning ecosystem such as; Snyk, Checkmarx, Fortify On Demand, Synopsis and Veracode. Our open approach to developer-centric learning empowers development and security teams to not just find vulnerabilities but enrich SAST reports with actionable knowledge. This provides developers with the skills and knowledge when they need it most, preventing vulnerabilities from occurring and reducing the need for rework.
“Pairing integrations from Snyk and Secure Code Warrior with GitHub code scanning is a powerful combination that gives developers security information and education that is both insightful and actionable,” said John Leon, VP of Business Development, GitHub.
“Snyk and Secure Code Warrior have a joint focus on helping developers reduce the impact of software vulnerabilities by increasing the security awareness and skills of developers. Combining Snyk's security technology with training solutions from Secure Code Warrior helps developers more easily build secure applications with confidence,” said Gareth Rushgrove, Director of Product Management, Snyk.
Secure Code Warrior has a number of technical integrations that allows organizations to build securely by delivering contextual training and coaching in the developers preferred environment. The platform launched in 2015, helps developers to think and act with a security mindset every day.
Industry News
Mend.io and Sysdig unveiled a joint solution to help developers, DevOps, and security teams accelerate secure software delivery from development to deployment.
GitLab announced new innovations in GitLab 17 to streamline how organizations build, test, secure, and deploy software.
Kobiton announced the beta release of mobile test management, a new feature within its test automation platform.
Gearset announced its new CI/CD solution, Long Term Projects in Pipelines.
Rafay Systems has extended the capabilities of its enterprise PaaS for modern infrastructure to support graphics processing unit- (GPU-) based workloads.
NodeScript, a free, low-code developer environment for workflow automation and API integration, is released by UBIO.
IBM announced IBM Test Accelerator for Z, a solution designed to revolutionize testing on IBM Z, a tool that expedites the shift-left approach, fostering smooth collaboration between z/OS developers and testers.
StreamNative launched Ursa, a Kafka-compatible data streaming engine built on top of lakehouse storage.
GitKraken acquired code health innovator, CodeSee.
ServiceNow introduced a new no‑code development studio and new automation capabilities to accelerate and scale digital transformation across the enterprise.
Security Innovation has added new skills assessments to its Base Camp training platform for software security training.
CAST introduced CAST Highlight Extensions Marketplace — an integrated marketplace for the software intelligence product where users can effortlessly browse and download a diverse range of extensions and plugins.
Red Hat and Elastic announced an expanded collaboration to deliver next-generation search experiences supporting retrieval augmented generation (RAG) patterns using Elasticsearch as a preferred vector database solution integrated on Red Hat OpenShift AI.
Traceable AI announced an Early Access Program for its new Generative AI API Security capabilities.