Contrast Security Partners with GitHub to Deliver 'Pipeline-Native' Security to Developers

Cybersecurity solutions provider Contrast Security has unveiled four new GitHub Actions aimed at making the process of automating security testing within native pipelines more accessible to developers.

GitHub Actions is a continuous integration and delivery (CI/CD) platform that allows developers to automate their build, test, and deployment pipelines. GitHub Actions enables users to create custom Software Development Life Cycle (SDLC) workflows in their GitHub repositories. Contrast's GitHub Actions embed security into existing developer value streams with each commit, pull request, test, and deployment.

Contrast's four GitHub Actions (now available for deployment) include:

  • Contrast Scan Analyze: designed to provide automated static code analysis within native CI pipelines without leaving the GitHub environment, while prioritizing exploitable vulnerabilities and "weeding out" noise for scan times that are up to 10x faster than competing static application security testing (SAST) tools. There's also how-to-fix guidance within the GitHub pipeline that enables early remediation before promoting to production.
  • Contrast Assess for Azure Spring Cloud: deploys as a Java application with a Contrast Assess Security Java Agent (JAR) to the Azure Spring Cloud PaaS environment to extend security into SDLC automation.

"The addition of Contrast's GitHub Actions to the GitHub Marketplace makes it much easier for development, security, and platform operations teams to drive DevSecOps transformation with automation at scale," said Nikesh Shah, Sr. Director, Strategic Alliances at Contrast Security, in a statement. "By shifting security automation left within native CI/CD tooling, developers can now embed security within delivery pipelines as their code makes its way from build to test, and through production."

Contrast Security's namesake offering is a code security platform designed to enable enterprise developers to write and release secure application code faster by removing "security roadblock inefficiencies." By embedding code analysis and attack prevention directly into software with instrumentation, the company claims, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation.

GitHub, the vast code-hosting platform (a Microsoft subsidiary since 2018), was launched in 2008, and it's now one of the largest source code hosting services in the world. At last count, it was hosting 40 million users and more than 100 million repositories. The app itself is enormous, comprising more than 400,000 lines of code. And it reportedly gets hundreds of pull requests daily.

Contrast's GitHub Actions are available today with support for Java applications. The company says it's also developing new GitHub Actions for .NET and JavaScript applications.

The company is "actively investing in developer efficiency and ease-of-use" by allowing users to try its products for free by registering with their GitHub credentials.

About the Author

John K. Waters is the editor in chief of a number of sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and the culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS. He can be reached at [email protected].