
GrammaTech Partners with GitLab to Add Shift-Left Capabilities to the CI/CD Pipeline

App security testing tools provider GrammaTech today announced a technology partnership with GitLab to integrate the GrammaTech CodeSonar Static Application Security Testing (SAST) solution with GitLab's Ultimate DevSecOps platform. With this integration, the two companies aim to allow users to implement code analysis early and directly within CI/CD pipelines.

The CodeSonar solution is designed to "shift security left" in DevSecOps by detecting and eliminating bugs and vulnerabilities at the earliest stages of the development cycle. The integration of CodeSonar with GitLab enables organizations to develop and release software with fewer defects and exploitable weaknesses that can cause system failures, enable data breaches, and increase liability, the company says.

The GrammaTech module for GitLab provides native SAST capabilities that scan code for defects within CI/CD pipelines, which eliminates the need for integration and maintenance by users. It enables devs to assess code continuously, avoiding the mistakes and rework associated with waiting until the testing phase to scan for security problems.

Analysts at Gartner define SAST, or static analysis (also known as "white box testing"), as "a set of technologies designed to analyze application source code, byte code, and binaries for coding and design conditions that are indicative of security vulnerabilities." SAST solutions, such as GrammaTech's CodeSonar, analyze an app from the "inside out" in a nonrunning state.

GitLab is a web-based Git repository service that provides free, open, and private repositories, issue-tracking capabilities, and wikis. The organization bills its namesake offering as a complete DevOps platform that enables devs to perform all the tasks in a project, from project planning and source-code management to monitoring and security.

"Through this strategic partnership and integration, GrammaTech CodeSonar and its unique static application security testing capabilities are now natively available to development teams from within the GitLab CI/CD pipeline," said Vince Arneja, Chief Product Officer at GrammaTech, in a statement. "This enables security to move seamlessly from testing into development workflows, allowing enterprises to transform secure coding and accelerate software delivery."

Based in Bethesda, MD, with an R&D center in Ithaca, NY, GrammaTech is a cybersecurity research partner for the U.S. civil, defense, and intelligence communities. The company recently launched a new Shift Left Academy website as an educational resource aimed at helping developers implement a "security first" approach. The company plans to include input on the site from such well-known security mavens as Steve Lipner, executive director of SAFECode, and Jim Routh, former CISO of Aetna and a member of the Cyber Advisory Board at Security Leadership Capital.

"GitLab is pleased to welcome GrammaTech as a strategic partner," said Michelle Hodges, VP of GitLab's Global Channels group, in a statement. "The company's enterprise SAST expertise and CodeSonar product are a natural fit for our customers in the automotive, IoT and aerospace sectors."

About the Author

John K. Waters is the editor in chief of a number of Converge360.com sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and the culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS. He can be reached at [email protected].