DEVOPSdigest

Lightspin announced an integration with GitHub that will allow organizations to scan their Infrastructure as Code (IaC) files to proactively prevent code with misconfigurations from being deployed.

By detecting and fixing security issues before they are deployed to the cloud, Lightspin helps organizations embrace a "shift left" approach to security.

Shifting security left is a growing trend that requires organizations to detect security issues earlier in the software development life cycle. Lightspin helps security and DevOps teams to better understand the security posture of their repositories while saving time and more efficiently using technical resources.

"As IaC adoption soars, it's increasingly important for organizations to understand the security risks and complexities that go along with it," said Or Azarzar, CTO and Co-founder of Lightspin. "Misconfigured code and over permissive identities introduced into production can prove to be costly for security teams. Scanning IaC files proactively to prevent these issues from ever being deployed gives organizations peace of mind that they have protected their cloud environment."

Lightspin integrates via a GitHub application to scan repositories for security issues, then prioritizes an organization's repositories based on detected security findings. Once complete, a security or DevOps team can easily view the findings of each file, folder, or repository. Additionally, Lightspin provides an impact log to help teams track changes to their repositories, scanning all pull requests and highlighting the changes that had the biggest impact on their security posture. Security teams can review the details of the pull request to better understand the context.

The GitHub integration is available globally to Lightspin customers at no additional cost. To scan IaC files, users simply install the GitHub app on their repositories.