Contrast Security Adds SCA to Codesec for Free
August 08, 2022

Contrast Security announced that software composition analysis (SCA) is now available for free in CodeSec.

CodeSec offers free application security testing and SCA in a single, developer-friendly interface.

The new SCA feature will enable developers to easily identify vulnerable third-party libraries quickly and accurately, getting secure code moving in minutes.

With a frictionless install, quick scanning of open source software (OSS) and immediate actionable results, developers can start to ship code confidently while easily creating a standardized software bill of materials (SBOM) to manage supply chain risk.

CodeSec makes developer security more efficient and accurate by delivering the following capabilities right to the developer's laptop for free:

- Discover dependencies: Secure vulnerable libraries (in Java, Javascript, Python, Ruby, GO, PHP, .NET) in OSS with lightning speed, accurate scans (SCA), and actionable remediation guidance to ship code faster and create standardized SBOMs with ease.

- Secure your code: Optimize code security for Java, Javascript and .NET applications with fast, industry-leading (SAST) scans and actionable remediation guidance, in a simple command line interface. Additionally, developers can secure GitHub pipelines with Contrast GitHub Actions for free.

- Secure your cloud native applications: Take advantage of a new ground-breaking application security tool for serverless environments in Amazon Web Services (AWS) Lambda Functions (Java + Python) that detects cloud-native vulnerabilities quickly and accurately while providing actionable remediation guidance in a simple command line interface (CLI).

Contrast's new SCA feature within CodeSec enables developers to easily identify the vulnerable libraries in OSS while providing actionable remediation guidance to ship code faster and manage software supply chain risk by allowing developers to create SBOMs with ease.

"Deploying code quickly is key in this market. That's why current-day developers heavily rely on open source code to keep pace with the demands of companies. Those same companies are getting pressure to develop SBOMs and increase visibility into the components that make up the applications they're creating and using each day," said Jeff Williams, co-founder and CTO at Contrast Security. "CodeSec is the answer developers have been waiting for -- a single free tool that quickly and accurately identifies vulnerabilities in custom code, open source, and serverless functions. Instead of wasting time configuring, integrating, and running multiple different security tools, CodeSec provides exactly what developers need."

Share this

Industry News

September 29, 2022

CloudBees announced the acquisition of ReleaseIQ to expand the company’s DevSecOps capabilities, empowering customers with a low-code, end-to-end release orchestration and visibility solution.

September 29, 2022

SmartBear continues expanding its commitment to the Atlassian Marketplace, adding Bugsnag for Jira and SwaggerHub Integration for Confluence.

Bugsnag developers monitoring application stability and documenting in Jira no longer need to interrupt their workflow to access the app. Developers working in SwaggerHub can use the macro to push API definitions and changes directly to other teams and business stakeholders that work within Confluence. By increasing the presence of SmartBear tools on the Atlassian Marketplace, the company continues meeting developers where they are.

September 29, 2022

Ox Security exited stealth today with $34M in funding led by Evolution Equity Partners, Team8, and M12, Microsoft's venture fund, with participation from Rain Capital.

September 29, 2022

cnvrg.io announced that the new Intel Developer Cloud is now available via the cnvrg.io Metacloud platform, providing a fully integrated software and hardware solution.

September 28, 2022

Kong introduced a number of new performance, security and extensibility features across its entire product portfolio, including major new releases of Kong Gateway, Kong Konnect, Kong Mesh, Kong Insomnia and Kong Ingress Controller, as well as new projects from the Kong Incubator.

September 28, 2022

BroadPeak Partners announced the availability of the new K3 API Connector.

September 28, 2022

Aqua Security announced a new end-to-end software supply chain security solution.

September 27, 2022

DevOps Institute will host SKILup Festival in Singapore on November 15, 2022.

September 27, 2022

Delinea announced the latest release of DevOps Secrets Vault, its high-speed vault for DevOps and DevSecOps teams.

September 27, 2022

The Apptainer community announced version 1.1.0 of the popular container system for secure, high-performance computing (HPC). Improvements in the new version provide a smaller attack surface for production deployments while offering features that improve and simplify the user experience.

September 26, 2022

Secure Code Warrior unveiled Coding Labs, a new mechanism that allows developers to more easily move from learning to applying secure coding knowledge, leading to fewer vulnerabilities in code.

September 26, 2022

ActiveState announced the availability of the ActiveState Artifact Repository.

September 26, 2022

Split Software announced the availability of its Feature Data Platform in the Microsoft Azure Marketplace.

September 22, 2022

Katalon announced the launch of the Katalon Platform, a modern and comprehensive software quality management platform that enables teams of any size to easily and efficiently test, launch, and optimize apps, products, and software.

September 22, 2022

StackHawk announced its Deeper API Security Test Coverage release.