Application security company Veracode Inc. today announced several new product features that integrate security into the software development lifecycle and drive the adoption of application security techniques in the environments where developers work.

Announced at the annual AWS re:Invent 2023 conference in Las Vegas, the first new release, DAST Essentials, is a dynamic application security testing solution. It’s designed to address the significant risks associated with web applications and the increasing frequency of application programming interface attacks. The tool enables developers and security teams to identify and mitigate vulnerabilities in live runtime environments.

DAST Essentials simulates real-world attack scenarios to offer a proactive approach to security by allowing teams to uncover and address potential breaches before they are exploited. The tool can be integrated into the SDLC to provide a scalable solution to maintaining the security of web applications and APIs.

The second announcement is the Veracode GitHub app, a tool designed to streamline the integration of cloud-native security measures into the software development process. Designed for developers, this app embeds into existing workflows to deliver efficient and effective security checks without disrupting the development process.

The app provides tools for static software composition analysis and container security scanning, allowing developers to identify and rectify security vulnerabilities in their code. The integration simplifies scanning cloud-native applications, making it easier for DevOps teams to onboard repositories and maintain development velocity.

Standardized scanning configurations across repositories in the Veracode GitHub App also enhance the security of applications and ensure a consistent and developer-friendly approach to application security, aligning with modern development practices.

The Veracode GitHub app also includes a new feature called Enhanced Repo Scanning, which is designed to simplify securing cloud-native applications for DevOps teams. The company says it enables easy onboarding of repositories into the security scanning process to ensure that application security becomes a seamless part of the development pipeline.

Enhanced Repo Scanning standardizes scan configurations across multiple repositories to provide a consistent and streamlined approach to identifying and addressing security vulnerabilities. Development velocity is enhanced by reducing complexities that often appear when integrating security practices into the development cycle. The result is said to be a more efficient, secure and developer-friendly environment where security is a natural and integral part of the SDLC.

“Ensuring the security of cloud-native applications has never been more crucial,” Brian Roche, chief product officer at Veracode, said ahead of the release. “Developers are assembling code just as much as they’re writing it, meaning even the most meticulously built applications are susceptible to threat. To protect the software supply chain, modern application development demands a paradigm shift in security practices.”

Image: Veracode