Veracode Static Analysis IDE Scan Lets Software Developers Spot Security Defects in Seconds, Without Ever Leaving Their Development Environments
New solution enables secure coding to be achieved at the speeds needed for DevOps and high-velocity software development.
BURLINGTON, Mass. – January 25, 2017 – Veracode, a leader in securing the world’s software, today announced the availability of Veracode Static Analysis IDE Scan, a new product to support developers’ need to provide quality, secure code faster than ever before. Veracode Static Analysis IDE Scan integrates seamlessly into popular development environments, making security just one more part of the software development process and reducing the disruption and time associated with adopting secure coding practices.
The short and cyclical nature of DevOps and CI/CD development environments requires developers to maintain a rapid pace of innovation in order to drive business growth. Finding vulnerabilities late in the software lifecycle disrupts this process by slowing down production and release cycles and increasing development costs. According to NIST, fixing vulnerabilities in the coding stage provides a 10x cost savings versus fixing vulnerabilities in the testing stage.
Veracode Static Analysis IDE Scan identifies vulnerabilities and provides advice for fixing security defects within the developers’ integrated development environment (IDE). By integrating into existing IDEs, security is embedded directly into the development process so developers can remediate defects at the point with the lowest cost and least amount of disruption. This provides the speed and agility DevOps and CI/CD environments require and helps developers meet both security and functional requirements for their code.
“In working with our customers it has become clear that application security testing must adapt to the continuous development cycle created by DevOps and CI/CD environments,” said Janet Worthington, Product Manager, Veracode. “By enabling developers to test early and often in the development lifecycle and integrating into the existing development toolchains, Veracode Static Analysis IDE Scan supports developers to achieve their goals while simultaneously enabling organizations to adopt DevSecOps, making secure code one more dimension of quality code.”
Veracode Static Analysis IDE Scan scans code through the full SaaS-based Veracode Static Analysis engine to provide a highly available and scalable solution that delivers high accuracy and a low false positive rate. Customers will benefit from a cutting-edge technology, strengthened by more than 10 years of application security expertise. Combined with the Veracode Static Analysis Solution, Veracode Static Analysis IDE Scan ensures consistent results for security and development teams, enabling applications to pass compliance much faster than if development and security tests were conducted separately and with disparate results.
“Application security is a problem affecting the entire software development lifecycle, not just the quality assurance phase or the development phase,” said Scott Crawford, Research Director for Information Security with 451 Research. “Using Veracode Static Analysis IDE Scan to find and fix vulnerabilities early in the development process combined with Veracode’s Static Analysis solution supports an end-to-end approach with technologies that help ensure security with speed and usability for both development and security teams.”
For more information about Veracode Static Analysis IDE Scan visit: Veracode Static Analysis IDE Scan