GrammaTech, ArmorCode Partner to Deliver Vulnerability Management Orchestration Across Development Pipelines

GrammaTech-Partners-with-ArmorCode-to-Deliver-Vulnerability-Management-Orchestration-Across-Development-Pipelines

GrammaTech CodeSonar and ArmorCode combine application vulnerability intelligence with AppSecOps workflows for end-to-end product security automation

GrammaTech, a provider of application security testing products and software research services, and ArmorCode, the leader in AppSecOps, announced a technology integration partnership to help customers automate product security across development, testing, feedback and deployment. The GrammaTech CodeSonar SAST (static application security testing) platform provides deep safety and security vulnerability intelligence to ArmorCode for orchestrating application security operations within CI/CD pipelines.

The companies are collaborating to offer integrated solutions for ensuring the safety and security of mission-critical automotive, aerospace, enterprise, and industrial products. GrammaTech will demonstrate its CodeSonar and CodeSentry SBOM products at RSA Conference 2023 at Booth 5300 in the North Expo, while ArmorCode will be in the Early Stage Expo South Level 2, Booth ESE-10.

“Unifying application security tools and intelligence to orchestrate operations across developer pipelines is central to preventing safety and security vulnerabilities from reaching market-ready products,” said Katie Norton, Senior Research Analyst, DevOps & DevSecOps, IDC. “GrammaTech CodeSonar and ArmorCode can enable customers to automate end-to-end DevSecOps workflows instead of stitching together often siloed processes.”

The integration of ArmorCode and CodeSonar provides customers with a centralised 360 degree view of vulnerabilities in CI/CD pipelines and prioritises them for resolution, which is essential for implementing DevSecOps across physically distributed development environments and for satisfying standards-based coding practices such as MISRA for automotive products.

“As organisations across industries adopt DevSecOps to accelerate the delivery of software, the number of security vulnerabilities have increased exponentially. Furthermore, the security teams responsible for protecting the business are struggling to manage the risk and to keep pace with the speed of delivery,” said Mark Lambert, Chief Product Officer for ArmorCode. “This integration between GrammaTech CodeSonar and ArmorCode delivers the visibility and workflow automation these teams need to ship secure software and ship it fast.”

“Identifying and remediating security vulnerabilities in complex development environments that span multiple geographies can be challenging due to siloed data and workflows, which can lead to product delays or worse,” said Vince Arneja, Chief Product Officer for GrammaTech. “Together, CodeSonar and ArmorCode deliver deep visibility into vulnerabilities and automated orchestration capabilities to help customers improve the security of their code, while delivering safer products to market faster.”

The ArmorCode AppSecOps platform unifies vulnerability management to reduce the detection and remediation response time for security risks and minimise the disruption of software release schedules. It centralises findings and remediations from hundreds of application, infrastructure, and cloud security tools; normalises, de-dupes, correlates, and prioritises data; automates critical vulnerability management workflows; and provides developers the information they need to remediate problems quickly.

CodeSonar’s SAST analysis supports all leading product development languages (C, C++, C# and Java) in one unified platform. The platform supports the validation of coding standards and best practices, including MISRA, JPL, CERT-C and static verification using formal method concepts to find defects, including runtime errors, buffer overruns, API misuse, misuse of socket API, suspicious behaviour, dead code and unused variables. It finds defects that impact software quality and security and scales to meet the most rigorous real-world requirements, programs and processes.