Orca Security Enhances Cloud-Native Application Protection by Revolutionizing Application Security (AppSec)

Orca Security, the pioneer of agentless cloud security, announced new application security capabilities that unify security, DevOps and development teams to enable a full lifecycle approach to securing cloud-native applications. The new capabilities, which include Static Application Security Testing (SAST), open-source license detection, and remediation actions driven by artificial intelligence (AI), introduce a revolutionary approach to cloud security by connecting development risk and production more closely than ever before.

The Orca Cloud Security Platform provides comprehensive security and compliance checks across the full software development lifecycle, offering code security that includes software composition analysis (SCA), secrets detection, infrastructure as code (IaC) security, and container image scanning. In addition, Orca traces findings from the production environment back to the original application development artifacts, ensuring security teams can partner with development and DevOps teams to fix risks quickly.

“There’s a symbiotic relationship between securing production and building secure applications that Orca is intently focused on supporting and nurturing. With these new capabilities we’ve found, and seized, the opportunity for organizations to prevent security issues in production by both shifting left and generating code to fix issues already found in production,” said Gil Geron, CEO and Co-Founder of Orca Security. “Changing the way we develop applications to improve security will eliminate risk in the cloud, and creates tremendous opportunity ahead for Orca and our customers.”

Orca’s comprehensive code security scanning is fortified with an extensive suite of built-in and customizable security policies that detect issues and block risky builds from proceeding. It prevents vulnerabilities, misconfigurations, and other risks from ever reaching production, reducing cloud alerts and saving teams from the most time-consuming remediations.

The new AppSec features of the Orca Cloud Security Platform include:

  • Static Application Security Testing (SAST). A majority (62%) of organizations have severe vulnerabilities in their code repositories, according to research from Orca’s 2024 State of Cloud Security Report. Addressing vulnerabilities early in the Software Development Lifecycle (SDLC) is a critical component to mitigating these risks. With a fully integrated SAST solution, Orca scans custom code against a comprehensive set of security policies to detect and secure vulnerabilities in first-party codebases. These policies set guardrails for developers, enforcing secure coding practices by blocking risky builds and notifying developers of issues.
  • Open-Source License Detection. The majority of commercial codebases consist of open-source software (OSS) components because they boost productivity and streamline workflows. But they also expose organizations to unknown risks like licensing requirements. Orca’s AppSec solution ensures users can address issues before projects reach production and also enables them to easily search for licenses in runtime across all assets and installed packages. It provides full visibility into each license, its classification, and all relevant metadata, helping organizations identify potential violations, avoid substantial legal risks, and support compliance efforts.
  • AI-Driven Remediation for Code. Patching a misconfiguration in runtime can allow the same risk to surface in future deployments. Yet fixing issues at their source can prove challenging in complex and fast-moving cloud-native environments. Orca’s AI-Driven Remediation makes this process fast and seamless with one-click pull requests (PRs) directly from the Orca Platform. Teams can now identify misconfigurations and other risks, fix them at the source, and commit secure changes without friction. Simplifying and accelerating effective code attribution and remediation across the application lifecycle dramatically improves cloud and application security. And through native integration with GitHub, GitLab, and Azure DevOps, users can seamlessly leverage one-click PRs for their preferred source code management (SCM) platform.

SOURCE: BusinessWire