CODE SCANNERS CANNOT MEET MODERN DEVOPS

Traditional application security (AppSec) models that use static application security testing (SAST) and dynamic application security testing (DAST) are plagued by development delays, false positives, and false negatives. False positives are a foundational weakness of results from code scanners that are “blind” to the runtime context of applications, such as the controller, application logic, data layer, presentation view, user libraries, open-source components, and application server.

In addition, their point-in-time, signature-based approaches identify only known threats and miss unknown ones, which significantly increases risk exposure. Scanning code line by line, SAST and DAST approaches also struggle to provide full visibility of the application attack surface, especially in the area of application programming interfaces (APIs).

Integrate

Contrast Community Edition works by deploying an intelligent agent that instruments the application with smart sensors to analyze code in real time from within the application.

PRODUCT TOUR

You can hit the ground running with Contrast Community Edition, which integrates AppSec directly into the modern DevOps tools you already use. Using the flexibility and extensibility of the Contrast DevOps-native AppSec Platform, you can deploy Community Edition onto your Platform-as-a-Service (PaaS) of choice, be the first to know about new vulnerabilities through chat tools, add security gates to continuous integration/continuous deployment (CI/CD) pipelines, track remediation through ticketing systems, and learn about remediation options in integrated development environments (IDEs) and code editors.

KEY INTEGRATIONS

  • Development
  • Testing
    Gradle, Jenkins, Maven, Bamboo, JUnit
  • QA
    Jira, ThreadFix, Bugzilla, Serena
  • Operations
    Splunk, ArcSight, LogRhythm, PagerDuty, even-vault
  • Supported Environments
    Amazon, Pivotal, Azure, Docker

WHY WE BUILT IT

The world faces a software security crisis where most organizations are unable to perform even basic application security, putting everyone's personal financial, healthcare, and other data at risk. Firms can't rely on their development teams to address security and must depend on hard-to-find security experts, slow and inaccurate tools, and lengthy, complex review processes late in the SDLC.

To make modern security available to all organizations, large or small, regardless of ability to pay, Contrast Security launched Community Edition in 2018, a free and full-strength application security platform that provides “always on” IAST, RASP, and SCA for Java applications and APIs.
