We’re delighted to announce that Mend.io has launched a new integration with Secure Code Warrior®, a platform that provides secure coding training and tools that help shift developer focus from vulnerability reaction to prevention.
With this integration, Mend.io offers developers access to the security knowledge database of Secure Code Warrior® to help fix security vulnerabilities in their proprietary code. Whenever a developer commits to the repository the latest changes to their proprietary code, these changes are checked for security vulnerabilities by Mend SAST. For each detected finding, the specific Secure Code Warrior learning sessions and knowledge resources for this vulnerability type can be accessed by the developer with a single click on a link. This enables developers to find, and remediate vulnerabilities faster and more easily. It helps minimize the burden of securing code by integrating security within developers’ existing repository workflow, so that they can stay in an environment with which they are familiar.
Integrating with Secure Code Warrior® helps educate developers about security, encourages good practices, and drives their adoption by simplifying and facilitating access and use within developers’ workflow. Our integration empowers developers to understand risks and threats better, prioritize those that need addressing first, and help them take preventative measures before any threats become damaging problems.
“Our goals at Mend.io align with Secure Code Warrior® so it’s a natural integration. We’re both focused on promoting robust application security and making it as quick, simple, and seamless as possible for developers to implement. Together, we can amplify the importance of the organization’s security practices and tools, and optimize their use for a better overall user experience, higher productivity, and faster problem remediation that results in a stronger application security posture.”
Vered Shaked, Mend.io EVP, Corporate Development
Mend SAST with Secure Code Warrior® is fully integrated within the developer code repository, so that they can perform security procedures from the repo, rather than via links within the vendor web user interface, which is not the preferred environment for developers.
Our solution focuses on differential results only. This means that developers can address the specific security issues that they introduced with their latest code changes and get the relevant training for them. They do not receive a long list of security issues and training links that are irrelevant and that they will never use. Consequently they can find, learn about and address the security issues relevant to them, faster and more efficiently.
Having it in the repo means that it is done in controlled / centralized way for all the enterprise developers with ability to monitor activity and improvements by managers.
Mend.io’s solution is housed in the repository, which enables it to perform and be deployed in a controlled and centralized way for all enterprise developers, and it enables managers to easily monitor activity and improvements to code.
Our mission at Mend.io is to harden your application security and your software supply chain in the most seamless possible ways so you can improve the adoption of security best practices earlier in the software development lifecycle (SDLC). The need to shift security left and shift smart has become increasingly urgent because the volume of software components has expanded massively and deepened in complexity in recent years. This presents a much larger potential attack surface and escalating opportunities for malicious actors to exploit vulnerabilities and attack your codebase with malware.
Shifting left to address these threats requires developers to participate in implementing security strategies by using tools that enable them to do so simply. Successful modern application security can only occur when it’s integrated early into the SDLC and is easy for developers to adopt within their existing workflow. Developers simply won’t use tools that aren’t easy to use or those that require them to interrupt their development cadence, because they’re focused on maintaining productivity.
Mend.io is dedicated to empowering developers to strengthen their software and application security by creating ways to make the process as simple, intuitive and seamless as possible. This new integration of our SAST product with Secure Code Warrior® is the latest way in which we deliver on this promise.