CodeSecure CodeSonar and ArmorCode combine application vulnerability intelligence with AppSecOps workflows for end-to-end product security automation
BETHESDA, Md., April 17, 2023 — CodeSecure, a leading provider of application security testing products and software research services, and ArmorCode, the leader in AppSecOps, today announced a technology integration partnership to help customers automate product security across development, testing, feedback and deployment. The CodeSecure CodeSonar® SAST (static application security testing) platform provides deep safety and security vulnerability intelligence to ArmorCode for orchestrating application security operations within CI/CD pipelines. The companies are collaborating to offer integrated solutions for ensuring the safety and security of mission-critical automotive, aerospace, enterprise, and industrial products.
“Unifying application security tools and intelligence to orchestrate operations across developer pipelines is central to preventing safety and security vulnerabilities from reaching market-ready products,” said Jim Mercer, Research Vice President, DevOps & DevSecOps for IDC. “The combination of CodeSecure CodeSonar and ArmorCode enables customers to automate end-to-end DevSecOps workflows instead of stitching together siloed processes.”
The integration of ArmorCode and CodeSonar provides customers a centralized 360 degree view of vulnerabilities in CI/CD pipelines and prioritizes them for resolution, which is essential for implementing DevSecOps across physically distributed development environments and for satisfying standards-based coding practices such as MISRA for automotive products.
“As organizations across industries adopt DevSecOps to accelerate the delivery of software, the number of security vulnerabilities have increased exponentially. Furthermore, the security teams responsible for protecting the business are struggling to manage the risk and to keep pace with the speed of delivery,” said Mark Lambert, Chief Product Officer for ArmorCode. “This integration between CodeSecure CodeSonar and ArmorCode delivers the visibility and workflow automation these teams need to ship secure software and ship it fast.”
“Identifying and remediating security vulnerabilities in complex development environments that span multiple geographies can be challenging due to siloed data and workflows, which can lead to product delays or worse,” said Vince Arneja, Chief Product Officer for CodeSecure. “Together, CodeSonar and ArmorCode deliver deep visibility into vulnerabilities and automated orchestration capabilities to help customers improve the security of their code, while delivering safer products to market faster.”
The ArmorCode AppSecOps platform unifies vulnerability management to reduce the detection and remediation response time for security risks and minimize the disruption of software release schedules. It centralizes findings and remediations from hundreds of application, infrastructure, and cloud security tools; normalizes, de-dupes, correlates, and prioritizes data; automates critical vulnerability management workflows; and provides developers the information they need to quickly remediate problems.
CodeSonar’s SAST analysis supports all leading product development languages (C, C++, C# and Java) in one unified platform. The platform supports the validation of coding standards and best practices including MISRA, JPL, CERT-C and static verification using formal method concepts to find defects including runtime errors, buffer overruns, API misuse, misuse of socket API, suspicious behavior, dead code and unused variables. It finds defects that impact software quality and security and scales to meet the most rigorous real-world requirements, programs and processes.
Availability
CodeSonar’s integration for ArmorCode is available immediately.
About CodeSecure
CodeSecure is a leading global provider of application security testing (AST) solutions used by the world’s most security-conscious organizations to detect, measure, analyze and resolve vulnerabilities for software they develop or use. CodeSecure products enable rapid DevSecOps deployments while also securing their software supply chains. CodeSecure has corporate headquarters in Bethesda MD and publishes TalkSecure, an educational resource for product software developers. Visit us at http://www.codesecure.com and follow us on LinkedIn and X.
CodeSonar® and CodeSentry® are registered trademarks of CodeSecure, Inc.