Press release

Assembla-Kiuwan™ Integration Empowers Teams to Shift Left in DevSecOps

Sponsored by Businesswire

Idera, Inc., parent company of global B2B software productivity brands,
today announced powerful new integration capabilities between its
Assembla and Kiuwan™ products. The integration allows development teams
on Assembla to “shift left” and further secure their software
development lifecycle by automatically scanning code in their Assembla
repositories with Kiuwan’s enterprise-grade application security testing
engine.

Verizon’s 2018 Data Breach Investigations Report [1] found that
attacks on web applications exploiting code-level or authentication
mechanism vulnerabilities led to the highest number of breaches of all
breach patterns. And according to the Ponemon Institute, the global
average cost of a data breach is $3.86 million [2].

Kiuwan provides an enterprise-grade, end-to-end, non-localized static
code analysis (SAST) and code quality analysis (QA) platform. The
Assembla-Kiuwan integration leverages Kiuwan’s SAST scanning engine to
identify potential vulnerabilities and security threats in code, with
the capability to scan more than 30 languages, technologies, and
frameworks.

Issues detected during weekly scans are automatically highlighted and
recorded in a user’s Assembla code commit history, enabling them to
drill down for further analysis without leaving the repository.

“Until now, Assembla users either weren’t doing any scanning at all, or
they were using separate scanning tools that increased the potential for
error in identifying and resolving vulnerabilities,” said Robert
Warmack, general manager of Assembla. “Similarly, Kiuwan customers had
to use a different system to securely store their source code, and spend
time manually configuring the connection between the two systems to
automate scanning. This integration pushes the envelope on the DevSecOps
playbook, combining the premium capabilities of two world-class
enterprise software development and security products.”

To enable scanning, Assembla users navigate to the Security Scan Results
tab within their repository and check the “weekly code scan” box to turn
the Kiuwan scanner ON. Once a week, the scanner checks the code
repository for potential vulnerabilities and security threats, and
alerts the user to any issues from within the Assembla repository tool.

All Assembla customers get access to five free vulnerabilities in each
weekly scan. Teams with active subscriptions to both Kiuwan and Assembla
receive unlimited results from the Kiuwan scanner while gaining access
to Kiuwan’s powerful business analytics, flexible and comprehensive
scanning settings, and notifications directly from the Kiuwan dashboard.

Kiuwan users can access this capability by starting a new trial account
with Assembla and enabling the integration between Assembla and Kiuwan
from their Assembla Integrations settings.

Additional Resources

Blog: https://blog.assembla.com/new-integration-shift-security-left-with-the-all-new-assembla-kiuwan-static-code-analysis.

Help article: https://articles.assembla.com/assembla-basics/how-to-use-kiuwan-code-security-scanner

About Assembla

Assembla’s secure enterprise cloud version control solutions help
developers minimize or eliminate vulnerabilities that can be exploited
by hackers. From compliance to source code scanning, Assembla is the
security-forward choice for developing, managing and shipping amazing
software. Founded in 2005, Assembla has more than 5,500 customers across
157 countries, including Deutsche Telekom, Bayer, Kellogg’s, Oracle,
Unity, Disney, Apple, Marketo and Salesforce. Assembla is a division of
Idera, Inc. To learn more, visit https://www.assembla.com/home.

About Kiuwan

Kiuwan’s application security testing platform provides a complete
overview and impact analysis of software architecture in just minutes,
reducing risk and improving change management and DevOps processes. The
solution integrates with leading IDEs, build systems, bug tracking tools
and repositories to detect and eliminate vulnerabilities, and provide
full compliance with security standards. Kiuwan has more than 200
customers in 25 countries. Kiuwan is a division of Idera, Inc. To learn
more, visit https://www.kiuwan.com/.

[1] https://enterprise.verizon.com/resources/reports/dbir/

[2] https://www.ibm.com/security/data-breach