TEL AVIV AND BOSTON — November 22, 2022 — Mend.io, a leader in application security, announced today that it has integrated Renovate, its automated dependency update solution, with Amazon Web Services (AWS) CodeCommit and CodeBuild, both pieces of the AWS suite of continuous integration and continuous delivery (CI/CD) services. Through this integration, developers will have the ability to work directly within the AWS development ecosystem and leverage Renovate capabilities natively in their existing workflows. The integration also further signifies Mend.io’s strong partnership with AWS and commitment to eliminating the burden of application security. Now, developers can save on development time, reduce technical debt, and proactively prevent vulnerabilities by automatically updating dependencies within the AWS environment.
With 70 to 90 percent of modern applications containing free and open source software (FOSS), according to the Linux Foundation, the applications that rely on these open source dependencies may consequently become vulnerable to security flaws. This is why consistent maintenance of dependencies is critical to ensure a secure environment. By using the Renovate integration, developers working in AWS CodeCommit and CodeBuild can now group and schedule updates together to limit unnecessary noise that hampers productivity and reduces CI/CD resources. The integration also provides robust default configuration options that enable users in almost any environment to get started within minutes of installation.
“Dependency management can take a lot of time and due to build break concerns, updates sometimes don’t happen at all, which further increases the risk of vulnerabilities,” said Rhys Arkins, vice president of product management at Mend.io. “Renovate automates this process, reducing the risk of updating dependencies through Merge Confidence, which provides crowdsourced data from over 500,000 repositories to show the likelihood that a dependency update will break a project. By automating dependency management, Renovate decreases security risk, technical debt, and gives developers time back on what is often a manual, time-consuming process.”
Through the partnership of AWS and the open-source community behind the Renovate open-source project, Mend.io has developed one of the industry’s first auto-dependency update solutions that integrates natively into the AWS development ecosystem, through CodeCommit and CodeBuild. A fully managed source control service, CodeCommit hosts secure Git-based repositories and makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem. CodeBuild, a fully managed CI service, compiles source code, runs tests, and produces ready-to-deploy software packages. Developers building their software in these AWS services can now use the Renovate integration to lower their risk of being breached and increase confidence in their code base.
“Using outdated dependencies or outputting code that has known vulnerabilities can expose applications to threats. Keeping libraries up-to-date is essential to ensuring applications run smoothly and have minimal vulnerabilities,” said Rami Sass, CEO and co-founder of Mend.io. “We’re proud to be an AWS partner and enable developers working within the AWS ecosystem to easily update dependencies and prevent regression errors with a high degree of confidence that their code won’t break.”
Mend.io works closely with AWS as an APN Advanced Tier Technology Partner, and through the strong partnership, ensures that both open source and custom code applications running on AWS are secured using a remediation-first approach for faster and more confident deployments. With seamless integration in the existing AWS DevOps environments and CI/CD pipelines, Mend is able to reduce complexity and increase developer speed. Not only this, but the partnership also supports customers in meeting their obligations as part of the AWS Shared Responsibility Model. Integrations with key AWS services, such as Renovate’s integration with AWS CodeCommit and CodeBuild, make it easier for customers to manage their responsibilities and ship software and applications securely with ease.
Mend.io, formerly known as WhiteSource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development, using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks. With a proven track record of successfully meeting complex and large-scale application security needs, Mend.io is the go-to technology for the world’s most demanding development and security teams. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project. For more information, visit www.mend.io, the Mend.io blog, and Mend.io on LinkedIn and Twitter.
Guyer Group for Mend.io