Senior Product Marketing Manager, CodeSec, Contrast Security
More than 73 million developers currently use GitHub, and rightly so, since GitHub has become a necessary part of any software company in need of a web presence. And while GitHub offers some level of security in its toolset, its scanning speed and accuracy ultimately fall short when compared to other security tools on the market. This forces many users to rely on a third-party integration available on the GitHub marketplace for additional assistance in securing their continuous integration/continuous deployment (CI/CD) pipeline against vulnerabilities such as those in Apache Log4j 2.
As modern web development management becomes more complex, security coverage is a growing concern for application security (AppSec) officers, DevOps teams, and developers, who all want to ensure that code released to their repository is secured against all source code and open-source vulnerabilities before it is sent for deployment.
That’s why Contrast Security is expanding its Software Composition Analysis (SCA) coverage with its all-new GitHub Stock feature, marking Contrast Security’s first step in delivering a superb SCA experience to developers and AppSec teams. The new GitHub Stock feature scans without any agent dependencies, allowing developers to scan their code before public release and automatically withhold it from deployment to prevent the introduction of vulnerable libraries into the main branch. In the CI/CD pipeline, the Contrast agent can now be deployed to get richer data on SCA usage.
Curious about our new GitHub action?
Contrast built its SCA feature to equip developers with fast and accurate security for real-world applications. That’s why Contrast has made this GitHub integration available not only in our enterprise version of Contrast SCA, but also in Contrast’s new free developer security tool, CodeSec. Powered by the same SCA engine as the enterprise version of Contrast SCA, CodeSec allows developers to rely on the same level of performance and accuracy as our enterprise customers, for free!
Test the latest Contrast SCA GitHub Stock feature for yourself with CodeSec!
To learn more about this new GitHub Contrast action: