Apiiro Delivers Deep Runtime Context into Risk Prioritization with New Solution


Apiiro, the leading application security posture management (ASPM) platform, today introduced Code-to-Runtime, a new, innovative capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components.

Code-to-Runtime is seamless and agentless, requiring only API-based integration to Source Code Management (SCM) and runtime environments without the need for manual tagging, labeling, or other methods.

According to the company, with deeper insight into software architecture, users can now deliver actionable insights to the right developer, making risk prioritization, remediation, and prevention more efficient.

With autonomous Code-to-Runtime mapping, Apiiro automatically performs a deep code analysis on code repositories to identify all types of code components including APIs, OSS dependencies, code modules, DataModels, and more.

In addition, it analyzes container images and identifies similarities with no setup or intervention required. With Code-to-Runtime, customers can now:

  • Streamline risk prioritization and remediation: Prioritize risks detected at the development phase with runtime context and remediate risks detected in runtime with enriched code context. Apiiro provides insight into where code components or toxic combinations of risky code components are deployed using agentless, API-based integrations in customer Kubernetes clusters or CSPM vendors to identify internet exposure.
  • Reduce friction between AppSec, GRC, and development teams: Apiiro’s deep code analysis (DCA) combined with its Risk Graph engine implements guardrails at the design, development, and delivery phases, eliminating the time developers are blocked by siloed application security tools or other ASPM platforms.
  • Reduce alert fatigue: Correlate and group different versions of the same container image to create a single risk for a vulnerability detected in multiple versions. Apiiro also correlates between the container risk and the code risk found by software composition analysis (SCA) scanners.
  • Gain a single pane of glass into Artifact inventories: Achieve complete visibility into complex software architecture with a single, risk-based pane of glass view. Apiiro deduplicates Artifact inventories by pulling information from security tools running in continuous integration, registries, and deployed containers. Information is then correlated with deployment insights from Kubernetes clusters and/or CSPMs to deduplicate and enrich with relevant code context.

“Apiiro is committed to enabling autonomous security across the entire software development lifecycle, and true code-to-runtime matching goes beyond containers and cloud environments,” said Moti Gindi, chief product officer at Apiiro. “Our platform understands that not every code component is relevant to what’s running in production and not every runtime component is relevant to the codebase or person responsible for it. Code-to-Runtime delivers the level of precision required to gather meaningful insights and prevent the influx of false positives that plague other solutions on the market.”

For more information about this news, visit https://apiiro.com


