Cycode, a provider of software supply chain security, is releasing Cycode Application Security Orchestration and Correlation (ASOC), which gives security teams consistent visibility into the various AppSec tools used in modern software delivery pipelines.
According to the company, full visibility of all AppSec tooling allows for greater control over pipeline vulnerabilities and fundamentally protects the development infrastructure.
Acting as a management layer between application development and security testing, Cycode ASOC automatically discovers tooling across the software development life cycle (SDLC) and analyzes and correlates the tools’ data, identifying vulnerabilities across different modules.
When a vulnerability appears more than once, Cycode ASOC automatically deduplicates it while also aggregating the remaining unique results into one centralized location.
In the centralized location, the vulnerabilities are prioritized by level of risk to help with remediation. By reducing the noise, this automated process allows security teams to focus on fewer issues that are of the highest priority. This, in turn, increases the effectiveness of security teams and reduces alert fatigue, according to the vendor.
Cycode ASOC provides:
- Automated tool discovery – automatically discover tooling starting with the SCM, the foundation of DevOps infrastructure
- Pipeline security posture – gain visibility into pipeline and tool configurations, including which security tools are used in each phase of the development process
- Comprehensive prioritization – ingest data and prioritize vulnerabilities from third-party solutions
“Security teams are struggling to protect their development infrastructure because they lack visibility into the many tools used in modern software delivery pipelines such as cloud platforms, serverless, SaaS and other ephemeral services,” said Ronen Slavin, co-founder and CTO of Cycode. “Even software teams that build and use pipelines may not be aware of all the tools in use and how they are configured. This limited visibility creates huge blind spots in the security program, forcing security teams to waste resources trying to understand and secure pipelines, and prevents consistent management of security risks.”
For more information about this news, visit https://cycode.com.