DEVOPSdigest

ZeroNorth announced new innovative capabilities for its SaaS-based application security automation and orchestration platform.

With these new capabilities, the ZeroNorth platform aims to remove friction between security and DevOps teams by making security integral and transparent within the software development life cycle. By doing so, ZeroNorth empowers developers to deliver the secure software required to drive business growth.

The new features include application portfolio reports and support for additional application scanning tools and toolchain integrations, such as Scout Suite, Aqua Trivy, Gitlab and BitBucket Server. These capabilities are ideally suited for organizations with distributed business lines and DevOps teams that are striving to gain a competitive edge in the current economic climate.

“The shift to DevOps means that both Security and Development must now play a critical role in the delivery of secure software,” said Christian J. van den Branden, SVP, Engineering & Product Management at ZeroNorth. “The ZeroNorth platform seamlessly integrates security throughout the software development lifecycle, empowering the Security team to own the enforcement of standards and reporting while liberating the development team to deliver secure software faster and more easily.”

The new Application Portfolio report highlights the security policies applied to each application, scan results and progress of remediation work, and enables users to drill down from the big picture into details on a more granular level. This visibility ensures the CISO gains a holistic view of risk, while product security and engineering teams can implement application security based on the line of business (LOB) needs.

ZeroNorth makes application security programs transparent and friction free for developers so they can develop secure applications without changing their workflows or being flooded with non-priority tickets. To this end, the ZeroNorth platform is enhancing its roster of leading commercial and open source application security tools with support for Scout Suite, an open source multi-cloud security-auditing tool which enables security posture assessment of cloud environments, and Aqua Trivy, a comprehensive open source vulnerability scanner for container images.

ZeroNorth is also expanding its DevOps toolchain integrations to further support development agility. With this new release, the ZeroNorth platform automatically integrates with, and can scan the contents of BitBucket Server and GitLab source code repositories including branches within both GitLab and GitHub repositories.

"Security teams struggle to keep pace with development, and historically, DevOps teams have neglected security to their peril. With disparate tools clouding the landscape, organizations have left themselves open to attack because of the lack of integration and scant visibility across hybrid environments,” commented Jim Mercer, Research Director at IDC. “The application security and risk management capabilities of the ZeroNorth platform provide a compelling value proposition to help DevOps teams optimize their DevSecOps effectiveness while improving velocity and reducing risk."

ZeroNorth includes key new features that focus on providing greater flexibility to security and development teams, helping them deliver applications at greater velocity, including:

- Customization of vulnerability data compression parameters, such as name and type of vulnerabilities, libraries included etc.

- Customization of alerts to meet the needs of the DevOps process and support data-driven business decisions in real time.

All new features and enhancements are generally available in the ZeroNorth platform.