DEVOPSdigest

GrammaTech and ArmorCode announced a technology integration partnership to help customers automate product security across development, testing, feedback and deployment.

The GrammaTech CodeSonar® SAST (static application security testing) platform provides deep safety and security vulnerability intelligence to ArmorCode for orchestrating application security operations within CI/CD pipelines.

The companies are collaborating to offer integrated solutions for ensuring the safety and security of mission-critical automotive, aerospace, enterprise, and industrial products.

“Unifying application security tools and intelligence to orchestrate operations across developer pipelines is central to preventing safety and security vulnerabilities from reaching market ready products,” said Katie Norton, Senior Research Analyst, DevOps & DevSecOps, IDC. “Together, GrammaTech CodeSonar and ArmorCode can enable customers to automate end-to-end DevSecOps workflows instead of stitching together often siloed processes.”

The integration of ArmorCode and CodeSonar provides customers a centralized 360 degree view of vulnerabilities in CI/CD pipelines and prioritizes them for resolution, which is essential for implementing DevSecOps across physically distributed development environments and for satisfying standards based coding practices such as MISRA for automotive products.

“As organizations across industries adopt DevSecOps to accelerate the delivery of software, the number of security vulnerabilities have increased exponentially. Furthermore, the security teams responsible for protecting the business are struggling to manage the risk and to keep pace with the speed of delivery,” said Mark Lambert, Chief Product Officer for ArmorCode. “This integration between GrammaTech CodeSonar and ArmorCode delivers the visibility and workflow automation these teams need to ship secure software and ship it fast.”

“Identifying and remediating security vulnerabilities in complex development environments that span multiple geographies can be challenging due to siloed data and workflows, which can lead to product delays or worse,” said Vince Arneja, Chief Product Officer for GrammaTech. “Together, CodeSonar and ArmorCode deliver deep visibility into vulnerabilities and automated orchestration capabilities to help customers improve the security of their code, while delivering safer products to market faster.”

The ArmorCode AppSecOps platform unifies vulnerability management to reduce the detection and remediation response time for security risks and minimize the disruption of software release schedules. It centralizes findings and remediations from hundreds of application, infrastructure, and cloud security tools; normalizes, de-dupes, correlates, and prioritizes data; automates critical vulnerability management workflows; and provides developers the information they need to quickly remediate problems.

CodeSonar’s SAST analysis supports all leading product development languages (C, C++, C# and Java) in one unified platform. The platform supports the validation of coding standards and best practices including MISRA, JPL, CERT-C and static verification using formal method concepts to find defects including runtime errors, buffer overruns, API misuse, misuse of socket API, suspicious behavior, dead code and unused variables. It finds defects that impact software quality and security, and scales to meet the most rigorous real-world requirements, programs and processes.

CodeSonar’s integration for ArmorCode is available immediately.