Vdoo, a leader in product security for applications, containers, and embedded software, today revealed a series of new integrations designed to make it easier and more efficient for software developers to implement security at every stage of the CI/CD pipeline. Vdoo’s new integrations support many of the most widely used development tools in the industry, including Jenkins, GitHub, GitLab, JFrog Pipelines and Azure Pipelines, helping developers seamlessly remediate vulnerabilities, achieve shorter release cycles and reduce security risk.
Finding and fixing vulnerabilities early in the development process, known as shifting left, empowers teams to manage issues while they are easier and less costly to fix. However, according to GitLab’s 5th Annual DevSecOps survey, nearly 42% of the respondents said it’s a struggle to unpack, process and fix vulnerabilities, and 37% said tracking the status of bug fixes is challenging.
Vdoo’s new integrations allow developers to automatically trigger security analysis and mitigation actions in the CI/CD process, providing actionable results in every interim and nightly build. Vdoo can identify known (CVEs) and unknown (zero days) issues in any artifact, including embedded systems, containers, server applications, mobile apps, and non-contextual single binaries. When vulnerabilities are identified, new tickets consisting of detailed, actionable mitigation guidance can be created with Vdoo’s existing Jira integration, helping teams prioritize and track their progress in remediating open issues.
“Organizations need platforms that will help them efficiently secure their software products throughout each step of the development cycle, no matter which tool they use,” said Netanel (Nati) Davidi, Co-Founder and CEO of Vdoo. “With the release of these latest integrations, Vdoo brings powerful vulnerability detection, prioritization, and mitigation capabilities to the most used CI/CD tools and resources, saving organizations time and money, while delivering the most effective automated product security.”
Developers, DevOps, and DevSecOps can now streamline security processes with manual or automatic retrieval and analysis of artifacts from different binary repositories such as JFrog Artifactory and DockerHub. This allows teams to define the right automated processes for analyzing and identifying vulnerabilities in their binaries from the earliest stages, when the binaries are added to the repositories, or when third-party binaries are brought into the organization’s development environment.
This new set of integrations joins Vdoo’s REST API and command-line tools, which can be used in any current pipeline. Vdoo’s REST API is available for all features, enabling users to integrate Vdoo into their automated processes throughout their CI/CD pipeline, repositories, and queries.
Vdoo’s automated product security platform is the only solution covering the entire product lifecycle – from design, development and testing to deployment and maintenance. Vdoo’s platform performs a complete security analysis in minutes, providing a comprehensive report identifying zero-day vulnerabilities, CVEs, configuration and hardening issues, standard non-compliance, and other security exposures with smart prioritization and mitigation mechanisms.