Fortify Delivers on Product Strategy for DevSecOps with Complete CI/CD Integrations

by in CyberRes

Fortify, the global leader in application security solutions, has released Fortify Scan Pipe, a new Bitbucket integration, along with FortifyToolsInstaller, which allows developers to dynamically install Fortify DevSecOps tooling into existing CI/CD pipelines. These releases, along with continued updates to Fortify’s current GitHub and GitLab integrations, bring an even more comprehensive, automated static application security testing (SAST) user experience to developers.

With development cycles accelerating and software becoming more complex as cloud-native technologies spanning containers, APIs, microservices, infrastructure-as-code, and more continue to evolve, automated workflows that are built for DevSecOps and enable developers to find and fix flaws more easily and quickly are crucial. Fortify’s extensive integration ecosystem:

  • Makes application security testing easy for developers
  • Leverages investments and workflows in current tools
  • Reduces friction by embedding security in your current processes

Fortify’s new Atlassian Bitbucket Pipe integrates the company’s industry-leading AppSec solutions to orchestrate scalable SAST for SaaS and on-prem customers directly with Atlassian Bitbucket Pipelines, giving developers more flexibility and a better experience with their current tools to secure their code. By automatically triggering SAST scans during a pull request or other user-configurable trigger, and providing results directly into the CI/CD pipeline through Bitbucket Code Insights, Fortify simplifies developer workflows and empowers developers to code more securely without sacrificing speed.

Fortify now has even more comprehensive capabilities to integrate with virtually any CI/CD system, such as AWS CodeStar, Bitbucket Pipelines, GitHub Actions and GitLab Pipelines. Key features and benefits of these integrations include:

  • Easy to use, out-of-the-box integration with our Fortify CI container
  • Automate orchestration of Fortify tools into current containers used by existing CI/CD pipelines
  • Ability to scan raw source code as the build takes place, enabling greater efficiency between developers and AppSec teams
  • Prioritized SAST scan results to focus developer remediation efforts on vulnerabilities that matter most
  • Direct feedback into the Fortify SaaS or on-premises enterprise-grade AppSec platform for even more comprehensive results and coverage, including gamified training via Fortify’s integration with Secure Code Warrior and online resources for remediation guidance

“Moving beyond early adopters to the mainstream has driven the DevSecOps evolution beyond basic integration pushed by the rush to shift left,” said Dylan Thomas, Head of Fortify Product Management for CyberRes. “Security must keep pace with the ‘everything-as-code’ era, and Fortify is focused on transforming AppSec from point of friction to enablement - without sacrificing quality - by providing a seamless user experience and flexibility to adapt to the needs of any software team.”

Learn more about Fortify’s extensive developer-focused integrations for cloud-native technologies that are custom-built for DevSecOps.


About CyberRes

CyberRes is a Micro Focus line of business. We bring the expertise of one of the world’s largest security portfolios to help our customers navigate the changing threat landscape by building both cyber and business resiliency within their teams and organizations. CyberRes is part of a larger set of digital transformation solutions that fight adverse conditions so businesses can continue to run today, keep the lights on, and transform to grow and take advantage of tomorrow’s opportunities.
