Because “software is eating the world,” as Mark Andreessen famously noted, application security gets harder every day; every line of code written opens organizations to new vulnerabilities and breaches. Furthermore, legacy solutions, such as static analysis, dynamic analysis and web application firewalls have failed to keep pace with Agile and DevOps practices. Teams need tools that empower developers, integrate security into the DevOps toolchain, and monitor application security the way DevOps teams monitor application performance.
That's why Contrast Security, a developer of self-protecting software tools, has announced integrations and product enhancements to address the security needs of organizations pursuing DevOps.
New Integrations
- Jenkins: With Contrast’s Jenkins integration, teams are now empowered to fail builds that have security issues. Customers can set the threshold for the number and severity of vulnerabilities and if reached, Jenkins will fail the build and developers are notified.
- JIRA: Customers can create automated JIRA tickets directly from the Contrast user interface. When a ticket status is changed in JIRA, the change will be reflected within Contrast to reflect the Jira ticket status.
- Support for Microsoft Visual Studio Team Services and Team Foundation Server: They now supports Microsoft Visual Studio Team Services and Team Foundation Server. This allows customers who use Visual Studio Team Services or Team Foundation Server to
track the vulnerabilities reported by Contrast through their existing bug tracking system.
- Pivotal Cloud Foundry: Contrast Assess and Contrast Protect customers can now secure their Java applications running on Pivotal Cloud Foundry (PCF) with Contrast. Contrast Security Service Broker for Pivotal Cloud Foundry enables their customers to create and manage multiple service plans for different organizations, and bind Contrast credentials to software applications. Support for .NET, node.js and Ruby applications in PCF is under development.
- Eclipse Integrated Development Environment (IDE) Plug-In: Software developers using the Eclipse IDE can now view vulnerabilities discovered in their applications from within their own development environment with Contrast Assess Plug-In for Eclipse.
“With DevOps, security must work differently,” said Surag Patel, chief strategy officer at Contrast Security. “Because code is released continuously, security must also work continuously and provide developers with instant, highly accurate feedback on their code. Contrast enables DevOps teams to
deliver continuous security by empowering developers to solve security problems early in the development lifecycle, integrating security into the DevOps pipeline and monitoring attacks the same way they monitor performance. Ultimately, Contrast makes application security accurate, continuous, integrated and scalable.”