Veracode updates security platform with extended SCA integrations, SBOM API


Veracode has announced that it has updated its Continuous Software Security Platform with enhancements such as extended integrations for software composition analysis (SCA), an API for creating software bills of materials (SBOMs), and new and improved language and framework support for static analysis.

“Modern applications are largely assembled, not written from scratch,” said Brian Roche, chief product officer at Veracode. “Open-source code makes up a significant proportion of audited code bases—for example, 97 percent of the typical Java application is made up of open-source libraries—increasing security risk and the need to identify supply chain risk. Our SBOM API is designed to make it easier for developers to inventory their code base, including third-party components, allowing them to act quickly if new vulnerabilities emerge. Since the launch of our Continuous Software Security Platform in May, we have launched additional capabilities that meet developers right where they work: in the integrated development environment (IDE), code repository, and command line interface. These innovations are designed to drive adoption by making the platform even more developer friendly.”

The Veracode Azure DevOps Extension has been updated with a new feature that allows developers to automatically import SCA data into Azure DevOps Boards and Work Items. The company will also be releasing a Veracode extension for Visual Studio Code that will include detailed information on vulnerabilities, license risks, and recommended versions of open-source libraries and dependencies.

The new SBOM API allows developers to generate an SBOM in CycloneDX JSON format, which is one of the approved formats under the White House's Executive Order on cybersecurity.

In addition, the platform now offers support for Rails 7.0, Ruby 3.x, and PHP Symfony.