Mend SCA Action within Amazon CodeCatalyst Brings Additional Application Security to Developers


Announced today at AWS re:Invent, Amazon CodeCatalyst brings together everything software development teams need to plan, code, build, test and deploy applications on AWS into a streamlined, integrated experience. We at Mend are excited about this announcement because Mend Software Composition Analysis (SCA) can be run as an action within CodeCatalyst CI/CD workflows, making it easy for developers to perform open source software vulnerability detection when building and deploying their software projects. This makes it easier for development teams to quickly build and deliver secure applications on AWS.

Amazon CTO Dr. Werner Vogels in his keynote presentation at the AWS re:Invent conference on December 1, 2022

With CodeCatalyst, developers can spend more time developing application features and less time setting up project tools, creating and managing CI/CD pipelines, provisioning and configuring various development and deployment environments or coordinating with team members. 

Why This Is Important

According to Forrester Research’s “State of Application Security, 2022” report, attackers looking for an easy way into systems are now focusing their attacks on applications. This makes it no surprise that the report found applications to be the top cause of external breaches, with the number of newly discovered open-source vulnerabilities having more than doubled from 2018 to 2021.

Companies must revise their application security strategies and frameworks to properly secure the large amount of open-source software that today’s cloud-based applications often contain. The latest advisories around open source security coming from the U.S. government highlight the need for increased focus and investment from companies to reduce their software attack surface and prevent malicious code from entering their code base.

It’s simple: you can’t fix what you don’t know you have. Mend SCA provides identification of the most critical open source security vulnerabilities, removing the manual work to find gaps in security.

Using Mend SCA with CodeCatalyst workflows means that developers using the new service can quickly and efficiently scan their code leveraging our market-leading open-source detection engine.

Using Mend SCA with Amazon CodeCatalyst

Through our collaboration with AWS, existing users of Mend SCA will be able to easily configure vulnerability detection within CodeCatalyst workflows. This simplifies vulnerability detection by letting developers initiate a code scan via Mend SCA within the Amazon CodeCatalyst interface. Additionally, the Mend SCA CodeCatalyst action offers:

  • Intuitive interface: Discovered vulnerabilities are displayed directly inside CodeCatalyst so developers can remain in their development environment. Vulnerabilities are also reported in Mend.
  • Comprehensive coverage: Coverage is provided for 200 languages and coding frameworks.
  • Full visibility: Vulnerabilities are identified in both direct and transitive dependencies.
  • The most comprehensive database: Access the Mend open source vulnerability database, which is widely regarded as the most accurate and comprehensive in the world.

Find more information about Amazon CodeCatalyst here.
