On June 2, 2022, Contrast Security released a new, free developer security tool: CodeSec by Contrast. The tool brings fastest and most accurate scanner in the market right to developers at no cost. Providing actionable remediation guidance, CodeSec by Contrast enables developers to get up and running in less than five minutes.
International Data Corporation (IDC) — a global provider of market intelligence, advisory services and events for the information technology sector — has shown interest in Contrast's latest free approach to developer security and has provided its insight on CodeSec in a recent report that entails what the product offers and how it aims to “help developers painlessly identify insecure code earlier in the software development lifecycle.” This blog will deliver a brief overview of IDC’s findings. To read the full IDC Link, click here.
What CodeSec delivers
CodeSec enables developers to secure both traditional and serverless environments by offering these two tools through a simple command-line interface (CLI):
- CodeSec Scan: A Static Analysis Security Testing (SAST) tool that supports the scanning of Java, JavaScript and .NET webforms, providing actionable remediation guidance. Users are provided 200 free scans per month.
- CodeSec Serverless: A serverless tool that scans applications in Java & Python running on AWS Lambda, providing actionable remediation guidance. Users are provided unlimited free serverless scans but are unable to run them concurrently.
Designed for single developer use, the tool offers a quick self-service installation process; developers can sign up with their GitHub or Google accounts. Alternatively, developers can use the provided GitHub Action to connect with their GitHub pipeline. CodeSec provides developers with a prioritized view of vulnerabilities by their exploitability along with immediate remediation guidance, all through their terminal.
IDC's findings
Based on IDC’s, DevSecOps Adoption, Tools, and Techniques Survey (IDC #US47597321, April 2021) and an initial review of CodeSec by Contrast, IDC developed a complete report of its findings on how Contrast's latest product aims to support the growing demand for a market-leading, developer-focused tool.
- 64 percent of the respondents acknowledged that to scale DevSecOps, security tools must be accepted by developers as tools they want to use. In an ideal solution, scans should be a seamless part of the developer workflow and provide accurate results that can be relied on and acted upon.
- Developer-friendly places to integrate security include the integrated development environment (IDE), code review and the CLI, the last of which is the route taken by CodeSec by Contrast.
- One-third of respondents acknowledged that the biggest barrier to empowering developers to find and fix vulnerabilities was the slow security scanning process with insufficient automation.
- The enhanced capabilities in the CodeSec offering present an opportunity for Contrast to differentiate itself from other freemium Application Security Testing (AST) products. Contrast should continue to elevate these differences, so developers will understand that the technology behind CodeSec by Contrast is enterprise-tested.
For more details on IDC’s comprehensive Link review of CodeSec by Contrast, including IDC’s point of view on the shift-left movement and how CodeSec by Contrast aims to facilitate developer security, click here to read the full IDC Link.
