GitLab to integrate Peach Tech and Fuzzit fuzz-testing into its DevOps lifecycle tool, helping developers to catch security bugs earlier on
GitLab said it has acquired two providers of tools and services for fuzz testing, a method for automatically testing the way software responds to unexpected, invalid or random data in order to catch possible security glitches.
The company, which makes a web-based DevOps lifecycle tool based on a Git-repository manager, said the acquisition of Peach Tech and Fuzzit would help DevOps teams to incorporate fuzz testing earlier into the application development process, a practice known as “shifting security to the left”.
Peach Tech provides protocol fuzz testing and dynamic application security testing (DAST) tools, while Fuzzit makes a continuous fuzz testing offering.
Peach Tech’s Peach Fuzzer is an automated security testing platform that uses definition files called Peach Pits to generate fuzzed data, along with a framework for automating web application programming interface (API) security testing.
Fuzzit’s service, meanwhile, allows DevOps teams to continuously generate fuzz tests and integrate them into continuous integration/continuous delivery (CI/CD) workflows.
GitLab said the acquisitions would provide customers with access to both coverage-guided and behavioral fuzz testing techniques.
Once the technologies are fully integrated, GitLab Secure users will be able to automate tasks ranging from as security testing to vulnerability management and remediation, GitLab said.
The company said it would use technologies from Peach Tech and Fuzzit to help drive the adoption of interactive application security testing (IAST) by making it easier for developers to deploy and use DevSecOps tools.
GitLab chief executive Sid Sijbrandij said the new tools would bolster the application security testing resources available to customers while helping them to catch security issues earlier on.
“This simultaneously simplifies their workflows and creates collaboration between development, security, and operations teams,” Sijbrandij said.