DEVOPSdigest

Rezilion announced an integration with GitLab.

Deployed in minutes, this native integration with GitLab CI eliminates an organization's vulnerability backlog by 70% and reduces remediation from months to days while addressing 100% of exploitable risk.

Driven by digital transformation, product organizations are innovating faster and pushing large quantities of code daily. In the past, DevSecOps teams were not equipped with critically-needed automation tools to detect, prioritize, and address security risks. GitLab surfaces potential vulnerabilities within the CI pipeline yet developers may spend time patching vulnerabilities that don't pose an actual risk. By using Rezilion in GitLab CI, customers can understand which vulnerabilities are loaded to memory and executed in runtime. This ability means they can focus on true risks instead of focusing on vulnerabilities that are not exploitable.

Adding Rezilion to GitLab CI takes minutes. It seamlessly integrates into developers' existing workflows and reduces the time they have to spend to address vulnerabilities in the Software Development Life Cycle (SDLC). As code is tested and scanned for vulnerabilities developers can now see within their Gitlab UI which vulnerabilities require their attention while non-exploitable vulnerabilities are marked as "false positives" that shouldn't hold back releases. Additionally, customers can get a clear view of all the software components in use with Rezilion's dynamic Software Bill of Materials (SBOM) to understand which software components are vulnerable in the specific runtime context of their environment.

"... This partnership helps to reduce the time joint customers spend on security issues enabling them to address risk earlier in the development process which aligns to GitLab's shift left ethos of delivering secure products faster." said Mike LeBeau, Alliance Manager at GitLab.

With Rezilion's enhanced runtime vulnerability validation technology, the GitLab integration extends developers, DevSecOps, DevOps, and security teams' continuous view of their actual attack surface and allows them to prioritize their remediation efforts on the vulnerabilities and weaknesses that matter the most.

The Rezilion-GitLab integration offers customers the following key features and benefits:

- As much as 70% reduction in false positives and patching efforts by automatically prioritizing which vulnerabilities are exploitable and which are not across GitLab CI pipelines.

- Reduction of remediation timelines from months to days by integrating directly in the development workflow, customers can address real threats promptly.

- Actionable insights within the GitLab UI. Non-exploitable vulnerabilities are marked as "false positives" and can be dismissed, while issues can be easily assigned to fix the exploitable ones.

- A dynamic SBOM that identifies all the software components, including open source components and their exploitability status for a quick view of their risk.

"Joining forces with GitLab provides customers with the first real opportunity to experience GitLab's true, integrated security without friction," said Liran Tancman, Co-Founder and CEO, of Rezilion, Inc. "Together, we're providing our customers with an enhanced solution that helps them not only test and secure builds as a part of a more fluid workflow, but also removes some of the noise, allowing them to focus on security and speed."