There are more than 73 million developers currently using GitHub, and rightfully so, since GitHub has become a necessary part of any software business in need of a web presence. And while GitHub does offer some level of security within its tool set, the speed and accuracy of its scans ultimately fall short when compared with other security tools on the market. This forces many users to rely on third-party integrations available within the GitHub Marketplace for additional support in securing their Continuous Integration/Continuous Deployment (CI/CD) pipeline from vulnerabilities like those in Apache Log4j 2.
As the management of modern web development becomes more complex, security coverage is a growing concern for Application Security (AppSec) managers, DevOps and developers alike, who all want to make sure that the code pushed to their repository is secure from all source code and open-source vulnerabilities before it’s shipped for deployment.
That’s why Contrast Security is expanding its SCA coverage with its newest GitHub Action feature, marking Contrast Security’s first step to deliver a superb SCA experience to both developers and AppSec teams. The new GitHub Action feature scans without any agent dependencies, enabling developers to scan their code before public release and automatically withhold it from deployment to prevent vulnerable libraries from being introduced into the main branch. In the CI/CD pipeline, the Contrast agent can now be deployed to get richer data on SCA usage.
Curious about our new GitHub Action?
Contrast built its SCA functionality to equip developers with fast and accurate security for real-world applications. That’s why Contrast has made this GitHub integration available not only within our enterprise version of Contrast SCA, but also within CodeSec, Contrast’s new free-to-use developer security offering. Powered by the same Software Composition Analysis (SCA) scanning engine as the enterprise version of Contrast SCA, CodeSec allows developers to rely on the same level of performance and accuracy as our enterprise customers, for free!
Test out Contrast SCA’s newest GitHub Action feature for yourself with CodeSec!