Making Our Static Analysis Even Better
As development speed has skyrocketed, security testing has shifted “left,” where it increasingly falls within the realm of the developer, rather than the security team. Today, modern application security programs feature centralized governance by security, but testing and fixing are owned by development in an automated fashion throughout the build process. In this approach, security owns setting policies, tracking KPIs and providing security coaching to developers.
In turn, application security needs to work with developers and the way they work, or get left behind. To facilitate this alignment, AppSec solutions today must support the testing of applications written in the languages developers are currently using.
Introducing Scala and Boto3 Support
In our ongoing efforts to improve this alignment with developer processes, we are pleased to announce the following two enhancements to Veracode Static Analysis:
Scala language support: Veracode Static Analysis can now find security-related defects in applications built with the Scala language. Scala, a functional programming language rising in popularity and closely related to Java, is used by many large technology firms and enterprises. It is viewed as better for supporting concurrency than other modern languages like Ruby, and, in 2016, was the No. 1 most demanded programming skill in Dice.com job rankings. It is also No. 11 on the RedMonk Programming Language Rankings (as of January 2017).
Additionally, Veracode Software Composition Analysis can identify risky open source components in Scala applications, allowing teams to identify vulnerabilities in both their own code and in the third-party components used by their applications in the same scan.
Boto3 framework support: Veracode is the only application security vendor to support Boto3 for static analysis. The Boto3 framework for Python enables Python developers to natively access Amazon Web Services APIs.
Benefits of This Update
These updates are beneficial for both:
- Developers writing applications in Scala or in Python with Boto3 who need to deliver secure code to their business and their customers while still meeting delivery requirements.
- Application security managers who must provide assurance across a broad portfolio of applications, including those built in modern languages and targeting AWS as a deployment environment.
Keeping Pace in a DevOps World
This support is the latest development in our continuing efforts to expand the family of languages we cover and keep pace with the shift toward the modern software factory. For a complete list of all the languages we support to date, visit us here.