Develop, Test, Release (DevOps)
Saltworks Security can help your organization shift security left and make it a fundamental and ingrained component of your DevOps processes. We offer a variety of services designed to help you bake security in, not brush it on after coding has already been completed.
Static Scanning Integration
Static scanning tests the code itself for vulnerabilities. Saltworks Security can integrate static scanning of your applications into your DevOps processes by testing your code for vulnerabilities at all points of production, creating integrated processes, and communicating mitigation information and results.
Dynamic Scanning Integration
Dynamic scanning involves testing the running application for security vulnerabilities. Saltworks Security can integrate dynamic scanning into your DevOps by conducting scans on a regularly scheduled basis, managing repositories, and communicating results at both the developer (mitigation) and executive levels.
Open Source Scanning Integration
While greatly aiding development practices, ‘off the shelf’ open source components cannot be trusted to be secure. Saltworks Security can thoroughly test open source components for security vulnerabilities before they are added to any code base, and then periodically re-inspect them to make sure no new vulnerabilities have been introduced.
Secure Release Management
Releasing secure applications requires planning and coordination. Saltworks Security can manage all aspects of releasing a secure application, including post-deployment necessities like:
- Building a security help desk (Developer to Security service request tracking)
- Go/No-Go ‘stage gate’ automation (DevOps Release)
- Executive Metrics (reporting to show which teams are in compliance with policy and viewing vulnerability statistics)
Saltworks Security application security professionals leverage static analysis tools that check code for security vulnerabilities, including offerings from multiple vendors. All are industry-leading solutions designed to find and mitigate security vulnerabilities before applications are released.
Saltworks Security application security professionals employ dynamic analysis tools that check running applications for security vulnerabilities during both development and deployment. Saltworks Security provides the expert analysis and tool optimization that ensure results are accurate and complete.
Open Source Analysis
While open source components have revolutionized development practices, their security can still be suspect. Saltworks Security manages open source risk across the entire development life cycle.
Penetration Testing with Cobalt
Are your applications subjected to the same real-world attacks malicious actors employ? Organizations can reap security benefits by moving pentesting into the development cycle. Saltworks Security leverages the Cobalt pentesting platform to build serious hacker-like testing into development life cycles and ensure applications are ready to withstand real-world attacks.