Symbiotic Security announces updates to its application and IDE extension. Those updates provide recommendations for secure coding and fix vulnerabilities while code is being written.
In a blog post, Symbiotic Security writes that with the company’s software, security is no longer an afterthought. Security, the company writes, is where it always should have been. Namely, it is integrated into the software development lifecycle (SDLC) as a fundamental part of the coding process. The software continuously scans both already written code and new code. This allows the application to identify and resolve potential threats even during the coding process.
Symbiotic Security revamped the dashboard that provides insights and reports so that developers get a 360-degree view of code vulnerabilities. The company also added new dashboards that help developers better understand and monitor their progress on vulnerabilities.
Also read: Dynatrace’s raft of updates: AIOps, CSPM, and more
Just-in-time training
Another addition is a policy violation indicator, which shows developers whether a vulnerability will pass integration. Finally, a new training tab has been integrated into the IDE, offering just-in-time training, resource links and examples of vulnerable code.
According to Edouard Viot, co-founder and Chief Technology Officer of Symbiotic Security, developers need real-time actionable insights. Only then, he says, can they write secure code with confidence. Viot says the updates ensure that developers and security teams get the insights they need without disrupting workflow.
Thousands of instances of malicious code
The focus on preventing code vulnerabilities is not without reason. Research by security firm Apiiro shows that thousands of instances of malicious code are present in repositories and packages. The research focused on in-depth code analysis.
Apiiro states that the security of dependency managers and source code hosting platforms is still evolving. According to the researchers, that security has major gaps, such as in verifying human and digital identities, validating source code and releases, and more. Apiiro also recognizes many security problems in build systems, artifact managers, and pipeline tools.