Contrast Security Releases New Capabilities to Secure Enterprise Software Supply Chains

Leading AppSec provider combines vulnerability testing for custom and third-party code across build, test, production and cloud-native environments

Los Altos, CA, March 15, 2022 — Contrast Security (Contrast), the leader in code security that empowers developers to secure-as-they code, today announced that its Secure Code Platform now integrates software supply chain security across the development lifecycle, from the developer desktop to production systems. The new integration makes Contrast the first platform on the market that allows enterprises to identify their biggest supply chain risks and defend against them.

As a direct response to the 2021 ransomware attack that shut down the Colonial Pipeline, President Joe Biden’s Cybersecurity Executive Order imposes strict standards for any software sold to federal agencies. More recent zero-day events, such as the log injection vulnerability embedded in the popular Log4j Java library, have also forced businesses in the private sector to re-evaluate the security of software imported, built and consumed by developers.

“Together, open-source and custom code are the ingredients to the applications that businesses build, buy and ship,” said Jeff Williams, co-founder and CTO at Contrast Security. “Testing these software ingredients separately lacks context and leads to both false positives and false negatives. To accurately identify vulnerabilities, organizations must perform security testing on the entire integrated application or API, which reveals how custom code and open-source interact.”

Contrast integrates software composition analysis (SCA) with each of its security testing and protection solutions, including its industry-leading interactive application security testing (IAST), runtime application self-protection (RASP) and Serverless Application Security solutions. Integration with Contrast’s static application security testing (SAST) solution is coming soon. The Contrast Secure Code Platform helps businesses close security gaps in their software supply chain by:

  • Testing for custom and third-party code vulnerabilities simultaneously within native CI/CD pipelines and cloud-native environments.
  • Producing a comprehensive software bill of materials (SBOM) to help benchmark software supply chain risk and satisfy regulatory and compliance requests.
  • Removing the need to chase fixes for inactive libraries pulled in from code repositories by flagging libraries that are actually called at runtime.
  • Finding third-party security issues in cloud-native workloads like serverless functions (e.g., AWS Lambda).
  • Protecting production applications and APIs from targeted attacks with no patching or code changes required.

Jeff Williams, Co-Founder and CTO at Contrast, is scheduled to participate in a virtual fireside chat with Melinda Marks, Senior Analyst with ESG Research, at 2 pm EST on Tuesday, April 6, 2022, to discuss how recent events like Log4j have raised the priority of software supply chain security, the role of SBOMs, and other techniques businesses need to consider to embed secure coding practices for third-party components. To register for the upcoming joint ESG Research and Contrast webinar, please visit

About Contrast Security

Contrast Security secures the code that global business relies on. It is the industry’s most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world’s largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.
