DEVOPSdigest

StackHawk, a software-as-a-service startup that empowers software engineers to easily find and fix application security bugs before they hit production, is launching into general availability.

Over the past year, the product has built a strong base of Early Access customers who have automated their AppSec testing in the CI pipeline, checking for vulnerabilities on every merge. With great feedback from these early customers, StackHawk is now available to any company that wants to deliver secure software.

"We decided to build StackHawk because of the gaping hole in developer-centric security tooling," said Joni Klippert, StackHawk founder and CEO. "I am incredibly proud of the ways we have been able to deliver on that promise as we announce our general availability. Our most excited feedback from early access customers has consistently been from developers and engineering leaders that finally have a tool that fits their workflows and allows them to take ownership of their application security."

While shifting security left is a common refrain within the security industry, the other application security products on the market still assume that a security team member is running the security tests and that tests are run on a scheduled basis. StackHawk is different, with features built specifically for the engineering teams that build the applications.

This shifts the approach from point-in-time pen tests or weekly scheduled scans to automated testing of the microservices that make up a customer facing application in the CI/CD pipeline. This approach shortens fix times, pushes potential vulnerabilities to the engineering teams that built the feature, and ensure that vulnerabilities are caught before they hit production. Key to this automation is integration with CI/CD tooling. StackHawk has partnered with the major CI providers such as CircleCI and GitLab to make it simple to AppSec tests into the build pipeline.

"As a CISO, I know that the application security model used by most software teams does not scale," said Scott Gerlach, co-founder and Chief Security Officer at StackHawk. "Pipeline automation of your security testing is the only way to truly integrate this into modern software delivery, and no one does it better than us. We are excited for more customers to start using StackHawk and ensuring security as they deliver software."

The company offers a startup plan to support earlier stage companies that care about security, but have historically been priced out of the market by enterprise security vendors.