UPDATED 09:03 EDT / JUNE 11 2020

GitLab acquires Peach Tech and Fuzzit to beef up its DevOps security testing tools

Web-based DevOps lifecycle platform GitLab today announced it has acquired Peach Tech, a security software firm specializing in protocol fuzz testing, and Fuzzit, a continuous “fuzz” security testing solution.

As open-source software development continues to build momentum, more enterprise businesses need access to testing tools that take into account the myriad ways that security issues can arise from code. To detect and correct potential vulnerabilities and exploits earlier in the development cycle, more developers are turning to the team-integrated, automated DevOps practices known as DevSecOps.

“We believe GitLab provides best-in-class tools for the complete DevOps lifecycle on a single platform,” said Sid Sijbrandij (pictured), chief executive of GitLab. “Bringing the fuzzing technologies of Peach Tech and Fuzzit into GitLab’s security solutions will give our users an even more robust and thorough application security testing experience while enabling them to shift security left. This simultaneously simplifies their workflows and creates collaboration between development, security and operations teams.”

Both Peach Tech and Fuzzit provide testing solutions that implement “fuzzing” or “fuzz testing.” This is an automated software testing technique that involves bombarding code with invalid, unexpected or random data as inputs in an attempt to confuse, overload or crash the application.

Effective fuzzing also mimics “valid-enough” inputs that the code would not reject outright, with the aim of generating unexpected outcomes. The objective is to automate what would-be attackers, and unintentional attackers, might try, in order to understand how the application will react and watch it “break” so that it can be fixed before it goes into production.

The goal is to provide DevSecOps tools that give development and security teams the ability to test early and often. The data produced by these services also allow teams to collaborate in managing the security risks related to the development and deployment of applications, lowering that risk since flaws can be discovered and cleared early in the process.

With the addition of Peach Tech and Fuzzit, GitLab Secure customers will be able to use their tools without needing to implement standalone testing solutions to meet application development security needs. Customers will instead have direct access to fully integrated solutions that supply these automated processes as part of the DevOps toolchain, including Auto DevOps deployment of security testing, interactive security testing through Peach Tech’s DAST application programming interface engine, and Fuzzit’s crash correlation technology.

“Providing GitLab users with the best security testing tools is key to GitLab’s DevSecOps core mission,” said Michael Eddington, Peach Tech’s founder and chief technology officer. “The integration of Peach Tech’s technologies expands GitLab’s shift security left capabilities making the future of security and DevSecOps a reality today for all GitLab users.”

By integrating Peach Tech’s DevSecOps fuzzing technology, development teams will be able to “shift left” security capabilities, which essentially means that teams will be able to start security testing as early as possible. Shifting left refers to a timeline where the left side is the beginning and the right side represents the end.

“Fully integrating Fuzzit will make GitLab the first security solution that provides continuous coverage-guided fuzz testing natively within the CI/CD pipeline,” said Yevgeny Pats, Fuzzit’s founder and chief executive. “Fuzzit’s support for multiple coverage-guided fuzzers combined with its crash analysis and correlation technology will add an important capability to the DevSecOps for GitLab users.”

Integrations from both Peach Tech and Fuzzit are now available to GitLab Secure customers and the company has published a DevSecOps best practices document. Further information on this integration and how it will affect DevOps development going forward has also been added to GitLab’s website.

Sijbrandij spoke with theCUBE, SiliconANGLE Media’s livestreaming studio, at the GitLab Commit conference in San Francisco in January about the company’s contribution to cycle time for developers and plans for a potential public offering, among other things.

Photo: Stu Miniman/SiliconANGLE
