I am very pleased to announce the General Availability (GA) of Code Dx 5.3, with native integrations for Snyk, Aqua Security, and Anchore. These integrations help our customers integrate container security into their continuous development processes. As we move increasingly towards a cloud native world, we’re working to ensure that developer-first tooling, secure cloud infrastructure, container security, and open source tools are fully integrated into Code Dx 5.3. This helps our customers to work at the speed of DevOps, without leaving security behind.
Container security scanning
In June 2020, Gartner predicted that “by 2022, more than 75% of global organizations will be running containerized applications in production, up from less than 30% today.” Indeed, Gartner expects that up to 15% of enterprise applications will run in a container environment by 2024 (it was less than 5% in 2020). This leap forward in container adoption highlights the importance of support for container security scanning, which is included in the Code Dx 5.3 release. While many organizations have historically been slow to adopt containers due to application backlogs, technical debt, and constraints on budget and staff resources, the pandemic and an acceleration towards cloud adoption over the last year have driven many organizations to push forward with container adoption to modernize applications.
Designed to operate at scale with the latest technology stack
Our product and engineering teams continue to improve the performance of the findings page, helping our customers quickly determine which results need attention and remediation first, based on the range of security software testing tools in use in the organization. In addition, our machine learning training and prediction models now deliver faster performance, speeding the time to insight for our customers. This overall improved performance in Code Dx 5.3 helps our customers triage and remediate vulnerabilities at the speed of DevOps.
New tool connector support
Our native tool connectors let Code Dx programmatically pull vulnerability data from external tools for seamless interconnectivity.
- Aqua Cloud Native Security Platform (CSP) connector enables enterprises to secure workloads on-premises or in the cloud for containerized, serverless and VM-based applications from the CI/CD pipeline in development to production runtime environments.
- Tenable.io connector provides a risk-based view of your web apps including IT, cloud, and containers.
- Integrated Snyk Connector for Containers allows developers to find and fix vulnerabilities in container images. It also supports Snyk Open Source and License Compliance Management to manage open source dependencies used to build cloud native applications.
- Anchore is a container security workflow solution for enterprise DevSecOps.
Faster delivery – securely
Code Dx Enterprise automates the arduous workflows needed to centralize finding, analyzing and fixing security vulnerabilities across disparate security tools, at DevOps speed. Code Dx orchestrates scan automation, automates triage, and prioritizes tracking and remediation of vulnerabilities. It does this while continuously assessing the security risks across the entire software lifecycle. The Code Dx connectors allow customers to programmatically pull open source and container vulnerabilities into Code Dx, which then de-duplicates, normalizes, and correlates all the findings and offers a single, coherent thread of prioritized issues.