Accurics Integrates with GitLab
June 14, 2021

Accurics announced a technology partnership with GitLab as well as the general availability of its integration with GitLab's Static Application Security Testing (SAST) solution.

Accurics leverages the integration with GitLab to provide DevSecOps teams with a holistic, contextualized view of application and infrastructure risks. Organizations can now establish and programmatically enforce consistent risk management policies throughout the Software Development Lifecycle (SDLC) while minimizing the effort and expense of manual triage and investigation.

Cloud infrastructure and applications are traditionally deployed from two separate pipelines, which dissociates application security vulnerabilities from Infrastructure as Code (IaC) misconfigurations. As a result, developers are often left with a long list of vulnerabilities and misconfigurations to fix without the context required to prioritize remediation of those vulnerabilities and misconfigurations that could actually be exploited.

“The most effective innovation is often incremental – for example, new capabilities and additional functionality accompanied by relevant security advances,” said Om Moolchandani, Co-founder, CTO & CISO at Accurics. “In this environment, we see diverse and largely unconnected vulnerabilities and misconfigurations, collectively producing a level of noise that makes identifying the most serious risks vital but difficult. The partnership with GitLab serves to add greater context to every layer of code and strengthens the security risk posture throughout the extended development lifecycle.”

The integration with GitLab helps Accurics users overcome these challenges by correlating IaC, cloud, and SAST vulnerabilities to help mitigate risk throughout the SDLC and generate a threat score. This threat score can be used by policy guardrails established with Policy as Code, blocking the riskiest builds from being deployed into production while providing insight into less risky problems that don't warrant breaking the build. As a result, developers are able to focus resources on remediating the most immediate threats first.

“The growing adoption of GitOps practices and Infrastructure as Code necessitates scalable risk management tools,” said Nima Badiey, VP, Global Alliances at GitLab. “The integration between GitLab and Accurics will help customers to programmatically define infrastructure and risk management policies more effectively throughout the software development lifecycle.”

Share this

Industry News

July 29, 2021

Couchbase announced the general availability of Couchbase Server 7.

July 29, 2021

Cycloid has unveiled Infra Import, a tool that automatically reverse engineers Terraform Infra-as-Code (IaC) from manually deployed infrastructure.

July 29, 2021

Launchable closed a $9.5 million Series A investment.

July 29, 2021

Rafay Systems announced automation and monitoring enhancements to its flagship Kubernetes Management Cloud (KMC).

July 28, 2021

Progress announced the R2 2021 release of Progress Telerik Test Studio, the enterprise UI test automation platform.

July 28, 2021

Synopsys announced the availability of new Rapid Scan capabilities within the company's Coverity static application security testing (SAST) and Black Duck software composition analysis (SCA) solutions.

July 28, 2021

Bitdefender announced GravityZone Security for Containers, expanding its cloud workload security (CWS) offering with run-time support for containers and Linux kernel independence.

July 28, 2021

Armory announced Armory Enterprise on AWS Quick Starts, automated reference deployments built by Amazon Web Services (AWS) solutions architects and AWS Partners.

July 27, 2021

Katalon introduced Katalon TestOps, an open and comprehensive test orchestration platform designed to help enterprises scale test automation and streamline DevOps pipelines.

July 27, 2021

Digital.ai achieved Federal Risk and Authorization Management Program (FedRAMP) “In Process” status for an Enterprise Agile Planning (EAP) tool.

July 27, 2021

Aqua Security rolls out the availability of its new Aqua Platform, with a unified console to ease the journey from scanning and visibility to workload protection in cloud native environments.

July 26, 2021

Parallel Agile announced a new version of CodeBot, a low-code MERN stack application generator.

July 26, 2021

Appian unveiled its new Appian Japan regional office.

July 26, 2021

CloudTruth raised $5.25 million in seed funding led by Glasswing Ventures and Gutbrain Ventures, with additional funding from Stage 1 Ventures and York IE.

July 22, 2021

Postman successfully obtained the System and Organization Controls (SOC) 2 Type 2 and SOC 3 Type 2 reports for the Postman API platform, meeting critical industry standards relative to the Trust Services Criteria for security, availability, and confidentiality.