ShiftLeft released a new version of NextGen Static Analysis (NG SAST), including new workflows, purpose-built for developers that significantly improve security, while enhancing productivity.
Fugue announced Fugue Developer, a free tier that puts engineers in command of cloud security through the entire software development lifecycle (SDLC).
Fugue Developer provides automation tools to visualize cloud infrastructure, detect misconfiguration risks and policy violations, understand infrastructure change, and demonstrate compliance.
Fugue Developer generates rich, dynamic visualization diagrams of cloud infrastructure environments that include configuration details, relationships between resources, and policy violations. New visualizations an be generated on a schedule or on demand with each deployment using the Fugue API and CLI.
Cloud misconfiguration is the number one cause of cloud-based data breaches, and traditional cloud security has failed to address it while frustrating developers with overbearing constraints and time-consuming manual processes. Fugue recognizes that engineers own the security of their cloud infrastructure, and Fugue Developer empowers them with the tools they need to build and operate securely in highly dynamic and regulated cloud environments.
Fugue Developer enables engineers to:
- Auto-generate visualization diagrams of cloud infrastructure and inspect resource configurations and relationships
- Identify cloud misconfiguration risks and policy violations at every stage of the SDLC and get rich feedback to quickly correct them
- Demonstrate cloud infrastructure compliance for CIS Foundations Benchmarks, Fugue Best Practices, and custom policies
- Monitor changes to cloud infrastructure to understand the impact on the security and compliance posture of their environment
- Protect security-critical cloud resources with drift detection and automated remediation without the burdens of scripts and bots
"The cloud upended traditional IT security, forcing hard tradeoffs between agility and security," said Phillip Merrick, CEO of Fugue. "Fugue Developer puts cloud security in the hands of the software developers building and maintaining cloud-based systems so they can free themselves of these frustrations once and for all."
Fugue Developer provides an API and CLI to automate infrastructure policy validations and integrate cloud security in CI/CD pipelines, and a rich GUI for dynamic, exportable visualizations that can handle at-scale cloud environments. Fugue Developer supports custom rules using the open source Rego policy language and Open Policy Agent (OPA) engine. Out-of-the-box support is provided for CIS Foundations Bechmarks for Amazon Web Services (AWS) and Microsoft Azure, and the Fugue Best Practices Framework for identifying advanced cloud misconfiguration vulnerabilities.
Fugue Developer is available now for individual engineers. Customers receive a 30-day free trial of Fugue Enterprise, after which they can choose to purchase Fugue Enterprise or transition to Fugue Developer. Fugue Enterprise supports unlimited users and environments, and additional out-of-the-box support for NIST 800-53, PCI, HIPAA, SOC 2, GDPR, and ISO 27001. Fugue is a Software as a Service (SaaS) product.