SD Times news digest: Checkmarx adds new GitHub Action, Imperva to acquire jSonar, APIsec introduces automated pen-test report for APIs


The new Checkmarx GitHub Action provides automated security scans within GitHub repositories.

According to the company, it integrates its application security testing solutions – Checkmarx SAST (CxSAST) and Checkmarx SCA (CxSCA) – directly with GitHub code scanning.

“Checkmarx and GitHub share a similar mission in that we’re both focused on helping developers strike a balance between software development speed and security,” said Robert Nilsson, vice president of product management for Checkmarx. “The key to this lies within the power of automation, which helps to simplify the implementation and process of security testing in today’s fast-paced DevOps environments. We’re excited to bring our best-in-class, automated SAST and SCA solutions to the GitHub community and are confident this will enhance developers’ experience and ability in finding and fixing code-borne vulnerabilities.”

Imperva to acquire jSonar
With jSonar, Imperva will be able to provide comprehensive security to support the entire data lifecycle.

This includes a blend of agent-based and agentless approaches covering hundreds of different data stores and environments, both on-premises and in the cloud; strong UEBA coupled with a native SOAR containing thousands of integrations; data retention; intelligent reporting; and many more capabilities.

“Together we can help companies meet the demands of new use cases and platforms, providing ultimate flexibility for any customer: For existing Imperva and Guardium customers, for customers new to DAM solutions, for big enterprises and small startups, for cloud, on-premise, and hybrid, and for regulated and unregulated customers who just want to be safe and secure…in a way that is easy to use and provides real and immediate value,” said Ron Bennatan, the CTO of jSonar.

APIsec introduces automated, certified pen-test report for APIs
APIsec’s update to its API security platform allows enterprise security and compliance groups to obtain certified and compliant API penetration testing reports on demand.

Enterprise security and compliance groups are mandated to perform periodic penetration testing of their applications as required by industry standards like SOC, HIPAA, PCI, NIST, GDPR, CCPA, and FedRAMP.
