Mend SCA Action within Amazon CodeCatalyst Brings Additional Application Security to Developers

Announced today at AWS re:Invent, Amazon CodeCatalyst brings together everything software development teams need to plan, code, build, test and deploy applications on AWS into a streamlined, integrated experience. We at Mend are excited about this announcement because Mend Software Composition Analysis (SCA) can be run as an action within CodeCatalyst CI/CD workflows, making it easy for developers to perform open source software vulnerability detection when building and deploying their software projects. This makes it easier for development teams to quickly build and deliver secure applications on AWS.

Amazon CTO Dr. Werner Vogels in his keynote presentation at the AWS re:Invent conference on December 1, 2022

With CodeCatalyst, developers can spend more time developing application features and less time setting up project tools, creating and managing CI/CD pipelines, provisioning and configuring various development and deployment environments or coordinating with team members. 

Why this is important

According to Forrester Research’s “State of Application Security, 2022” report, attackers looking for an easy way into systems are now focusing their attacks on applications. This makes it no surprise that the report found applications to be the top cause of external breaches, with the number of newly discovered open-source vulnerabilities having more than doubled from 2018 to 2021.

Companies must revise their application security strategies and frameworks to properly secure the large amount of open-source software that today’s cloud-based applications often contain. The latest advisories around open source security coming from the U.S. government highlight the need for increased focus and investment from companies to reduce their software attack surface and prevent malicious code from entering their code base.

It’s simple: you can’t fix what you don’t know you have. Mend SCA provides identification of the most critical open source security vulnerabilities, removing the manual work to find gaps in security.

Using Mend SCA with CodeCatalyst workflows means that developers using the new service can quickly and efficiently scan their code leveraging our market-leading open-source detection engine.

Using Mend SCA with Amazon CodeCatalyst

Through our collaboration with AWS, existing users of Mend SCA will be able to easily configure vulnerability detection within CodeCatalyst workflows. This simplifies vulnerability detection by letting developers initiate a code scan via Mend SCA within the Amazon CodeCatalyst interface. Additionally, the Mend SCA CodeCatalyst action offers:

  • Intuitive interface: Discovered vulnerabilities are displayed directly inside CodeCatalyst so developers can remain in their development environment. Vulnerabilities are also reported in Mend.
  • Comprehensive coverage: Coverage is provided for 200 languages and coding frameworks.
  • Full visibility: Vulnerabilities are identified in both direct and transitive dependencies.
  • The most comprehensive database: Access the Mend open source vulnerability database, which is widely regarded as the most accurate and comprehensive in the world.

Find more information about Amazon CodeCatalyst here.
