WhiteSource SAST

Security at the Speed of DevOps

2022-05-31 01:53:14

|

GBI, Industry News

As application vulnerabilities have become the riskiest aspect of the enterprise attack surface1, enterprise security managers increasingly look to Static Application Security Testing (SAST) tools to identify security vulnerabilities in the custom code written by application developers.

Unfortunately, traditional SAST tools are a poor fit for today’s fast-paced development environments.

Traditional SAST tools are famous for being —

  • Cumbersome. They often require developers to leave their development environment to trigger the scan, view results, and research how to fix security problems.
  • Slow to produce results. They typically take hours to run, sometimes days. This is a poor fit for DevOps teams whose release cycles — from code commit to application deployment — are getting faster and faster.

WhiteSource SAST is a breakthrough product that lets enterprise application developers create newapplications quickly, without sacrificing security.

  • It’s ergonomic. It integrates with your existing DevOps environment and CI/CD pipeline, so developers don’t need to separately configure or trigger the scan.
  • It’s comprehensive. Supports 27 different programming languages and various different programming frameworks.
  • It’s fast. 10x or more faster than traditional SAST solutions.
  • Security that developers want to use. WhiteSource SAST provides maximum efficiency and convenience for your developers, allowing them to fix vulnerabilities right away, when it’s quickest and easiest to do so. No more speed bumps.
  • Reduce your software risk. The comprehensive and accurate detections provided by WhiteSource SAST will ensure that you have visibility to over 70 CWE types — including 

OWASP Top 10 and SANS 25 — in desktop, web and mobile applications developed on various platforms and frameworks.

  • Bridge the culture gap. The efficiency and ergonomics of WhiteSource SAST will help your software developers learn to trust their software tools and collaborate more readily with members of the security team.
  • Ensure compliance. Built-in reports for security standards such as PCI and HIPAA allow you to easily meet compliance requirements.

While WhiteSource SAST is already demonstrably better than most other SAST products, WhiteSource engineers are developing an exciting set of enhancements. Our goal is to leverage the same “remediation first” approach that has made our software composition analysis (SCA)  product the market leader for four years in a row.

Enhancements will include:

  • Automated remediation for custom code weaknesses, as pioneered by WhiteSource Cure, a product that we released in July 2021. WhiteSource Cure will be integrated within WhiteSource SAST for seamless operation.
  • Repository integrations where vulnerability alerts and remediation pull requests will be listed directly in the developer’s normal workflow, for the most efficient shift-left experience.
  • Unified deployment, management and reporting platform, combining our SCA product with our SAST product.