DEVOPSdigest

Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.

Code-to-Runtime is seamless and agentless, requiring only API-based integration to Source Code Management (SCM) and runtime environments without the need for manual tagging, labeling, or other methods. With deeper insight into software architecture, users can now deliver actionable insights to the right developer, making risk prioritization, remediation, and prevention more efficient.

With autonomous Code-to-Runtime mapping, Apiiro automatically performs a deep code analysis on code repositories to identify all types of code components including APIs, OSS dependencies, code modules, DataModels, and more. In addition, it analyzes container images and identifies similarities with no setup or intervention required. With Code-to-Runtime, customers can now:

- Streamline risk prioritization and remediation: Prioritize risks detected at the development phase with runtime context and remediate risks detected in runtime with enriched code context. Apiiro provides insight into where code components or toxic combinations of risky code components are deployed using agentless, API-based integrations in customer Kubernetes clusters or CSPM vendors to identify internet exposure. This connection enriches runtime risks with code context including the code owner and locations within code where the vulnerability needs to be addressed to enable successful remediation. This provides AppSec engineers and software developers with the deepest insights into software architecture and full exposure paths including related pipelines that build and deploy the code repository or code module.

- Reduce friction between AppSec, GRC, and development teams: AppSec solutions on the market today don’t have a deep enough understanding of software architectures from code-to-runtime that enables developers to effectively deliver software to production. Apiiro’s deep code analysis (DCA) combined with its Risk Graph engine implements guardrail at the design, development, and delivery phases, eliminating time developers are blocked by silo application security tools or other ASPM platforms by 85%.

- Reduce alert fatigue: Correlate and group different versions of the same container image to create a single risk for a vulnerability detected in multiple versions. Apiiro also correlates between the container risk and the code risk found by software composition analysis (SCA) scanners.

- Gain single pane of glass into Artifact inventories: Achieve complete visibility into complex software architecture with a single, risk-based pane of glass view. Apiiro deduplicates Artifact inventories by pulling information from security tools running in continuous integration, registries, and deployed containers. Information is then correlated with deployment insights from Kubernetes clusters and/or CSPMs to deduplicate and enrich with relevant code context.

“Apiiro is committed to enabling autonomous security across the entire software development lifecycle, and true code-to-runtime matching goes beyond containers and cloud environments,” said Moti Gindi, chief product officer at Apiiro. “Our platform understands that not every code component is relevant to what’s running in production and not every runtime component is relevant to the codebase or person responsible for it. Code-to-Runtime delivers the level of precision required to gather meaningful insights and prevent the influx of false positives that plague other solutions on the market. As evidenced by our partnership with Akamai earlier this year, we’re delivering a holistic approach, matching APIs in code to API endpoints in runtime. This not only enhances overall application security, it enables teams to focus on the most critical issues to foster a more secure and efficient development lifecycle.”