Idera’s new integration allows teams to further secure their software development lifecycle
Idera, parent company of global B2B software productivity brands, announced powerful new integration capabilities between its Assembla and Kiuwan products.
The integration allows development teams on Assembla to “shift left” and further secure their software development lifecycle by automatically scanning code in their Assembla repositories with Kiuwan’s enterprise-grade application security testing engine.
Verizon’s 2018 Data Breach Investigations Report1 found that attacks on web applications exploiting code-level or authentication mechanism vulnerabilities led to the highest number of breaches of all breach patterns. And according to the Ponemon Institute, the global average cost of a data breach is $3.86 million.
Kiuwan provides an enterprise-grade, end-to-end, non-localized static code analysis (SAST) and code quality analysis (QA) platform. The Assembla-Kiuwan integration leverages Kiuwan’s SAST scanning engine to identify potential vulnerabilities and security threats in code, with the capability to scan more than 30+ languages, technologies, and frameworks.
Issues detected during weekly scans are automatically highlighted and recorded in a user’s Assembla code commit history, enabling them to drill down for further analysis without leaving the repository.
“Until now, Assembla users either weren’t doing any scanning at all, or they were using separate scanning tools that increased the potential for error in identifying and resolving vulnerabilities,” said Robert Warmack, general manager of Assembla.
“Similarly, Kiuwan customers had to use a different system to securely store their source code, and spend time manually configuring the connection between the two systems to automate scanning. This integration pushes the envelope on the DevSecOps playbook, combining the premium capabilities of two world-class enterprise software development and security products.”
To enable scanning, Assembla users navigate to the Security Scan Results tab within their repository and check the “weekly code scan” box to turn the Kiuwan scanner ON.
Once a week, the scanner will scan the code repository within the repository tool for potential vulnerabilities and security threats, and alert the user to any issues from within the Assembla repository tool.
All Assembla customers get access to five free vulnerabilities in each weekly scan. Teams with active subscriptions to both Kiuwan and Assembla receive unlimited results from the Kiuwan scanner while gaining access to Kiuwan’s powerful business analytics, flexible and comprehensive scanning settings, and notifications directly from the Kiuwan dashboard.
Kiuwan users can access this capability by starting a new trial account with Assembla and enabling the integration between Assembla and Kiuwan from their Assembla Integrations settings.