Veracode Application Security Platform to embed seamless security testing into the continuous development lifecycle
BURLINGTON, Mass. – November 16, 2016 – Veracode, a leader in securing the world’s software, today announced a new extension that integrates the Veracode Application Security Platform with Microsoft Visual Studio Team Services (VSTS). The extension will enable developers and engineering teams using VSTS to apply application security testing into their DevOps environments or other continuous deployment models.
Enabling Secure DevOps
The integration simplifies the delivery of secure applications by moving vulnerability assessments earlier in the development process. This will enable developers to create applications that meet market demand on schedule, without compromising on security. In addition, the solution offers fewer disruptions for developers through integrated testing within the development lifecycle - thereby reducing friction between security and development teams.
Integrating Security into the Development Process
Veracode is the first application security provider to join the Microsoft VSTS Marketplace. Developers can now statically scan an application and receive results without additional manual effort. Teams can choose to use high accuracy of the Veracode scan to automatically stop the build or release pipeline if a vulnerability violates the company’s policy. Teams can also create their own policy scans or Developer Sandbox scans with the VSTS extension, allowing them to choose the Veracode scanning workflow that best works for them.
“The focus of continuous deployment models like DevOps on automated, integrated testing presents an opportunity to build security into the development lifecycle, improving application security without impacting delivery times,” said Tim Jarrett, senior director of security, Veracode. “This solution enables developers to code securely, meeting the needs of both developers and security teams by delivering secure applications on time.”
Shawn Nandi, senior director, Microsoft Corp. said, “The Veracode extension for Visual Studio Team Services allows developers to test applications and resolve security flaws early in the development lifecycle. Now, teams can rely on VSTS to automatically raise an alarm if a critical issue is found. This reduced risk exposure paired with the ability to accelerate the delivery of secure applications will enable companies to realize the full potential of DevOps environment.”
Development team leads or release engineers can install Veracode’s VSTS integration extension into their VSTS instance from the Microsoft VSTS Marketplace, or download it for their local Microsoft Team Foundation Server. For more information, visit the Microsoft VSTS Marketplace: https://marketplace.visualstudio.com/items?itemName=Veracode.veracode-vsts-build-extension