CyberRes, a Micro Focus line of business, has released Fortify Scan pipe and Fortify Tools Installer, now enabling developers to dynamically install Fortify tools into any existing CI/CD pipelines. With these releases, CyberRes has completed another product initiative around DevSecOps to deliver a more comprehensive, automated static application security testing (SAST) user experience to developers.
“Moving beyond early adopters to the mainstream has driven the DevSecOps evolution beyond basic integration and it continues to be pushed by the rush to shift left,” said Dylan Thomas, Head of Fortify Product Management for CyberRes. “Security must keep pace with the ‘everything-as-code’ era, and Fortify is focused on transforming AppSec from point of friction to enablement – without sacrificing quality – by providing a seamless user experience and flexibility to adapt to the needs of any software team.”
With automated workflows built for DevSecOps, Fortify’s extensive integration ecosystem leverages investments and workflows in current tools and reduces friction by embedding security into current processes. These capabilities now allow for integration with virtually any CI/CD system such as AWS CodeStar, Bitbucket Pipelines, Github Actions and GitLab Pipelines.
With these releases, Fortify now provides organizations:
• Easy to use, out-of-the-box pipeline integration
• Capability to automate orchestration into any containers used by existing CI/CD pipelines
• Ability to scan raw source code as the build takes place
• Prioritized SAST scan results to focus developer remediation efforts on vulnerabilities that matter most
• Direct feedback into the Fortify platform for even more comprehensive results and coverage
Fortify delivers complete solutions for on-premise, SaaS and as-a-service offerings that enable customers the flexibility of choice based on their application security needs. This complete portfolio automates testing throughout the CI/CD pipeline so developers can quickly resolve issues and key stakeholders have visibility of their applications’ security posture.