Veracode Introduces New GitHub Action
October 05, 2020

Veracode announced a new GitHub Action to provide developers with an easy and familiar way to ensure that the code they are writing is secure – as they write it. The action enables developers to perform Veracode’s Static Policy Scan workflow, initiate a pipeline scan, and consume pipeline scan results all within GitHub’s code scanning UI.

GitHub Actions CI/CD helps developers improve time to market by allowing them to build, test and deploy code directly from within GitHub. Developers can invoke Veracode’s Static Analysis (SAST) scans from GitHub Actions, significantly expanding the security testing capabilities for developers leveraging GitHub workflows, and allowing them to build security directly into their DevOps processes and scale development across the team.

John Leon, VP of Business Development at GitHub, said, “Veracode understands the importance of shifting left in the development lifecycle to enable teams to find and fix flaws at scale. With software development moving at breakneck speed, this new GitHub Action further enables our joint customers to develop secure software, without compromising speed or quality – all within a familiar interface.”

Veracode’s Static Analysis solution enables DevSecOps by providing fast, automated and actionable security feedback to developers in their pipeline – when they compile their code or when they check in their code – and conducting a full policy scan before deployment. With the new GitHub Action, developers can control Veracode scans as they write code within the GitHub environment and get clear guidance on how to remediate issues. Scan results are converted into GitHub code scanning alerts. When code is ready for deployment, developers can conduct the Veracode Policy Scan for a full assessment of the code, with an audit trail for compliance that can be previewed before triggering alerts. Veracode results have high accuracy without manual tuning as a result of the intelligence of Veracode’s SaaS platform, which has scanned more than 21 trillion lines of code to date.

Ian McLeod, Chief Product Officer at Veracode, said, “Secure development at scale is only possible if developers assume ownership of ensuring that the code they are writing is secure from the start. It’s therefore critical that we provide tools and integrations that simplify the job for the developer and make the capabilities available in the tools they use every day. Our new GitHub Action provides a seamless experience that saves developers time, while giving them the confidence that the code they’re writing is secure.”

Veracode tools are available as GitHub Actions in the GitHub Marketplace.

Industry News

October 22, 2020

Puppet announced Puppet Comply, a new product built to work with Puppet Enterprise aimed at assessing, remediating, and enforcing infrastructure configuration compliance policies at scale across traditional and cloud environments.

October 22, 2020

Harness announced two new modules: Continuous Integration Enterprise and Continuous Features.

October 22, 2020

Render announced automatic preview environments which are essential for rapid and collaborative development of modern applications.

October 21, 2020

Conducto is launching a toolkit for simplifying complex CI/CD and data science pipelines, having raised $3 million in seed funding led by Jump Capital.

October 21, 2020

Snyk Intel vulnerability database will be integrated into IBM Cloud security capabilities to enhance security for enterprise workloads.

October 21, 2020

Accurics announced $20 million across seed and series A financing raised in the past six months, with Intel Capital leading the Series A and ClearSky leading the seed.

October 20, 2020

Splunk announced the Splunk Observability Suite, the most comprehensive and powerful combination of monitoring, investigation, and troubleshooting solutions designed to help organizations become cloud-ready and accelerate their digital transformation.

October 20, 2020

Tricentis announced Vision AI, the core technology that will now power Tosca.

October 20, 2020

MuseDev has extended its code analysis platform to deliver bug reports via GitHub's code scanning UI.

October 20, 2020

Digital Shadows announced the ability to detect exposed access keys.

October 19, 2020

StackRox and Robin.io announced a new partnership bringing together Robin’s application-focused approach to Kubernetes data management with StackRox’s Kubernetes-native security and compliance capabilities.

October 19, 2020

PubNub announced new Chat UI Kits to streamline chat development.

October 19, 2020

Secure Code Warrior announced support for GitHub’s new code scanning functionality in conjunction with a new collaboration with Snyk.

October 15, 2020

Couchbase announced version 2.8 of Couchbase Lite and Couchbase Sync Gateway for mobile and edge computing applications.

October 15, 2020

Kong unveiled the private beta release of Kong Konnect, a full-stack platform for cloud native applications delivered as a service.