Veracode has introduced that it up to date its Steady Software program Safety Platform with enhancements like prolonged integrations for software program composition evaluation (SCA), an API for creating software program invoice of supplies (SBOMs), and new improved language and framework help for static evaluation.
“Fashionable functions are principally assembled, not written from scratch,” stated Brian Roche, chief product officer at Veracode. “Open-source code makes up a major proportion of audited code bases—for instance, 97 % of the standard Java utility is made up of open-source libraries—growing safety threat and the necessity to establish provide chain threat. Our SBOM API, is designed to make it simpler for builders to stock their code base, together with third-party elements, permitting them to behave rapidly if new vulnerabilities emerge. Because the launch of our Steady Software program Safety Platform in Might, we have now launched extra capabilities that meet builders proper the place they work: within the built-in developer setting (IDE), code repository, and command line interface. These improvements are designed to drive adoption by making the platform much more developer pleasant.”
The Veracode Azure DevOps Extension has been up to date with a brand new function that enables builders to mechanically import SCA knowledge into Azure DevOps Boards and Work Gadgets. The corporate additionally will probably be releasing a Veracode extension for Visible Studio Code that may embrace detailed info on vulnerabilities, license dangers, and really helpful variations of open-source libraries and dependencies.
The brand new SBOM API permits builders to generate a SBOM in CycloneDX JSON format, which is without doubt one of the authorized codecs from the White Home’s Govt Order on cybersecurity.
As well as, the platform now affords help for Rails 7.0, Ruby 3.x, and PHP Symfony.
