Solar appScreener 3.6: Supporting Pascal and integrating with GitLab, GitHub and Bitbucket

Solar Security has announced the release of a new version of its app security analyzer, Solar appScreener 3.6, which supports Pascal and features improved integration with GitLab, GitHub and Bitbucket code version management and storage systems.

To meet international customers’ needs, the new version of our app vulnerability and undocumented feature analyzer, Solar appScreener 3.6, now supports Pascal. The predecessor of Delphi, this language underpins a variety of legacy systems that organizations around the globe actively employ for their internal needs.

“In the 1990s, Pascal variants were widely used to develop various software solutions, from research applications to computer games. Today, its derivative, Object Pascal, underlies some Windows applications.

“Now, together with Pascal support, Solar appScreener can analyze applications in 34 programming languages, surpassing all competing systems in both domestic and international markets,” said Daniil Chernov, Head of Software Security Solutions Center at Solar Security LLC.

Tighter Solar appScreener integration with GitLab, GitHub and Bitbucket is an important step towards better automation of code vulnerability scanning. This integration allows the analyzer to monitor, in an unattended mode, the submission of a new code version in a repository, automatically start analyzing new code fragments for vulnerabilities, and then send scan results to a responsible employee.

While the above functionality previously required manual configuration, since version 3.6 it has been available out of the box. Notably, new code submissions are now monitored not via a CI/CD server, but directly from the repository by means of push and tag events. This makes life easier for companies that do not use CI/CD servers or bypass them in their development process.

The new version is also more user-friendly: its interface now supports the creation of empty projects that do not contain any scans but allow integrations with repositories to be configured in advance, so that code can be analyzed automatically in the future.

This feature is relevant, for example, when developers have not yet built up the source code by the time Solar appScreener is deployed in their company, while the customer wants to start vulnerability monitoring from a more or less complete app version.

In addition, the interface allows event logs to be exported, which is useful, for example, when an error was made while starting a scan and the analysis was not performed correctly, but the customer cannot determine the cause of the failure on their own.

Now, a user can export the required log files from the system in a couple of clicks, and the Solar appScreener technical support team will quickly fix the error and help to start the process correctly.

Moreover, Solar appScreener 3.6 also supports Prometheus multi-platform analytic tools and Grafana interactive visualization, which is good news for large companies that already leverage these tools for system health monitoring.

This functionality is in demand among customers that need up-to-date information on the analyzer's state, including high process latency, failures, system load and performance.

With increased DevOps adoption, roles in software development teams are changing

Roles across software development teams have changed as more teams adopt DevOps, according to GitLab.


The survey of over 3,650 respondents from 21 countries worldwide found that rising rates of DevOps adoption and implementation of new tools have led to sweeping changes in job functions, tool choices and organization charts within developer, security and operations teams.

“This year’s Global DevSecOps Survey shows that there are more successful DevOps practitioners than ever before and they report dramatically faster release times, truly continuous integration/deployment, and progress made toward shifting both test and security left,” said Sid Sijbrandij, CEO at GitLab.

“That said, there is still significant work to be done, particularly in the areas of testing and security. We look forward to seeing improvements in collaboration and testing across teams as they adjust to utilizing new technologies and job roles become more fluid.”

It’s a changing world for developer, operations and security teams and that holds true for roles and responsibilities as well as technology choices that improve DevOps practices and speed up release cycles. When done right, DevOps can go a long way to improve a business’s bottom line, but there are still obstacles to overcome to achieve true DevSecOps.

DevOps adoption and software development teams

Every company is now a software company and to drive business results, it is even more critical for teams to understand how the role of the developer is evolving – and how it impacts security, operations and test teams’ responsibilities.

The lines are blurring between developers and operations teams as 35% of developers say they define and/or create the infrastructure their app runs on and 14% actually monitor and respond to that infrastructure – a role traditionally held by operations.

Additionally, over 18% of developers instrument code for production monitoring, while 12% serve as an escalation point when there are incidents.

DevOps adoption rates are also up – 25% of companies are in the DevOps “sweet spot” of three to five years of practice while another 37% are well on their way, with between one and three years of experience under their belts.

As part of this implementation, many are also seeing the benefits of continuous deployment: nearly 60% deploy multiple times a day, once a day or once every few days (up from 45% last year).

As more teams become more accustomed to using DevOps in their work, roles across software development teams are starting to shift as responsibilities begin to overlap. 70% of operations professionals report that developers can provision their own environments, which is a sign of shifting responsibilities brought on by new processes and changing technologies.

Security teams unclear about responsibilities

There continues to be a clear disconnect between developers and security teams, with uncertainty about who should be responsible for security efforts. More than 25% of developers reported feeling solely responsible for security, compared to testers (23%) and operations professionals (21%).

For security teams, even more clarity is needed, with 33% of security team members saying they own security, while 29% (nearly as many) said they believe everyone should be responsible for security.

Security teams continue to report that developers are not finding enough bugs at the earliest stages of development and are slow to prioritize fixing them – a finding consistent with last year’s survey.

Over 42% said testing still happens too late in the life cycle, while 36% reported it was hard to understand, process, and fix any discovered vulnerabilities, and 31% found prioritizing vulnerability remediation an uphill battle.

“Although there is an industry-wide push to shift left, our research shows that greater clarity is needed on how teams’ daily responsibilities are changing, because it impacts the entire organization’s security proficiency,” said Johnathan Hunt, vice president of security at GitLab.

“Security teams need to implement concrete processes for the adoption of new tools and deployments in order to increase development efficiency and security capabilities.”


New technologies help with faster releases, create bottlenecks in other areas

For development teams, speed and faster software releases are key. Nearly 83% of developers report being able to release code more quickly after adopting DevOps.

Continuous integration and continuous delivery (CI/CD) is also proven to help reduce time for building and deploying applications – 38% said their DevOps implementations include CI/CD. An additional 29% said their DevOps implementations include test automation, 16% said DevSecOps, and nearly 9% use multi-cloud.

Despite this, testing has emerged as the top bottleneck for the second year in a row, according to 47% of respondents. Automated testing is on the rise, but only 12% claim to have full test automation. And, while 60% of companies report deploying multiple times a day, once a day or once every few days, over 42% said testing happens too late in the development lifecycle.

While strides toward implementing DevOps practices have been made, there is more work to be done when it comes to streamlining collaboration between security, developer and operations teams.