Table of contents
Add to Your AppSec Arsenal with Mend.ioโs Integration with Secure Code Warriorยฎ
Weโre delighted to announce that Mend.io has launched a new integration with Secure Code Warriorยฎ, a platform that provides secure coding training and tools that help shift developer focus from vulnerability reaction to prevention.
With this integration, Mend.io offers developers access to the security knowledge database of Secure Code Warriorยฎ to help fix security vulnerabilities in their proprietary code. Whenever a developer commits to the repository the latest changes to their proprietary code, these changes are checked for security vulnerabilities by Mend SAST. For each detected finding, the specific Secure Code Warrior learning sessions and knowledge resources for this vulnerability type can be accessed by the developer with a single click on a link. This enables developers to find, and remediate vulnerabilities faster and more easily. It helps minimize the burden of securing code by integrating security within developersโ existing repository workflow, so that they can stay in an environment with which they are familiar.
What does this integration do?
Integrating with Secure Code Warriorยฎ helps educate developers about security, encourages good practices, and drives their adoption by simplifying and facilitating access and use within developersโ workflow. Our integration empowers developers to understand risks and threats better, prioritize those that need addressing first, and help them take preventative measures before any threats become damaging problems.
โOur goals at Mend.io align with Secure Code Warriorยฎ so itโs a natural integration. Weโre both focused on promoting robust application security and making it as quick, simple, and seamless as possible for developers to implement. Together, we can amplify the importance of the organization’s security practices and tools, and optimize their use for a better overall user experience, higher productivity, and faster problem remediation that results in a stronger application security posture.โ
Vered Shaked, Mend.io EVP, Corporate Development
Special features
Mend SAST with Secure Code Warriorยฎ is fully integrated within the developer code repository, so that they can perform security procedures from the repo, rather than via links within the vendor web user interface, which is not the preferred environment for developers.
Our solution focuses on differential results only. This means that developers can address the specific security issues that they introduced with their latest code changes and get the relevant training for them. They do not receive a long list of security issues and training links that are irrelevant and that they will never use. Consequently they can find, learn about and address the security issues relevant to them, faster and more efficiently.
Having it in the repo means that it is done in controlled / centralized way for all the enterprise developers with ability to monitor activity and improvements by managers.
Mend.ioโs solution is housed in the repository, which enables it to perform and be deployed in a controlled and centralized way for all enterprise developers, and it enables managers to easily monitor activity and improvements to code.
Benefits
- Awareness: Increases developersโ awareness and understanding of the threats to their code and the vulnerabilities therein.
- Speed: Expedites the ability of developers to find, identify, and fix these vulnerabilities and threats as early as possible in the SDLC, before threats and flaws can become damaging problems
- Efficiency: Optimizes developersโ deployment of AppSec strategies and tools, which strengthens your security posture and enhances the effectiveness and efficiency of your AppSec program
- Simplicity and adoption: Easy to use within developersโ existing workflow, in their code repository, thereby lowering any barriers to adoption and maximizing its potential for use among developers.
- Prevention: Encourages a proactive approach to application security, which preempts and prevents issues rather than needing to respond to those that have already hit your codebase.
- Remediation: Facilitates effective assessment and resolution of detected security problems, enabling a dramatic reduction of software-related risk
- Versatility and scalability: A solution that grows with you, so you can successfully meet complex and large-scale application security needs, as they emerge.
- Productivity: All of the above benefits enable your developers to accelerate and enhance their productivity because the integration will enable them to produce better, more secure software and applications, faster and more confidently. Productivity is also improved by significantly reducing the likelihood of ineffective and inefficient handling of vulnerabilities.
Why is Mend.io launching this integration?
Our mission at Mend.io is to harden your application security and your software supply chain in the most seamless possible ways so you can improve the adoption of security best practices earlier in the software development lifecycle (SDLC). The need to shift security left and shift smart has become increasingly urgent because the volume of software components has expanded massively and deepened in complexity in recent years. This presents a much larger potential attack surface and escalating opportunities for malicious actors to exploit vulnerabilities and attack your codebase with malware.
Shifting left to address these threats requires developers to participate in implementing security strategies by using tools that enable them to do so simply. Successful modern application security can only occur when itโs integrated early into the SDLC and is easy for developers to adopt within their existing workflow. Developers simply wonโt use tools that arenโt easy to use or those that require them to interrupt their development cadence, because theyโre focused on maintaining productivity.
Mend.io is dedicated to empowering developers to strengthen their software and application security by creating ways to make the process as simple, intuitive and seamless as possible. This new integration of our SAST product with Secure Code Warriorยฎ is the latest way in which we deliver on this promise.
