Now developers can utilize hassle-free security whenever they need it
The pace of software development is accelerating. Development teams are under pressure to deliver continuously as app backlogs grow at an alarming rate. Senior leadership—unaware of the problem—demands rapid development and faster release cycles. But the constant and growing presence of cyberthreats means apps need to be secure.
Developers are increasingly leveraging open source software (OSS) in their software stack. But knowing which open source packages an application contains, where each OSS component sits, whether it is included directly or indirectly, and what vulnerabilities it might expose quickly becomes overwhelming.
Modern application development relies heavily on open source
Today, modern application development relies heavily on open source software. The amount of open source code in an application has now surpassed the amount of proprietary code, and this blind spot—where code is out of the control of developers—continues to grow, creating weaknesses in organizations’ security defenses and leaving them open to attack.
But developers often think security slows them down and gets in the way of productivity. Too many false positives create tension between AppSec and developers, who either ignore alerts or get overwhelmed by the sheer scale of vulnerabilities identified. This derails developer output and efficiency.
So how can resource-stretched developers, under pressure to release apps, do so in a way that won’t compromise security, while continuing to innovate?
Building secure apps with confidence
A significant area for developing secure code is Software Composition Analysis (SCA). Checkmarx SCA allows developers to build applications with confidence using a mix of open source and custom-built code. However, individual developers or small teams, especially those just starting their modern application development journey, often aren’t in a position to procure an SCA solution.
Now Checkmarx has teamed up with JetBrains so that its SCA tool is seamlessly integrated into JetBrains IntelliJ IDEA, delivering a free, easy-to-use, secure, bundled plug-in.
This bundled security plug-in is a ‘first’ for JetBrains, who design cutting-edge tools for software developers and have one of the most popular IDEs and, as a result, one of the largest development communities. Checkmarx, meanwhile, is recognized as a leading force behind secure application development, providing solutions for everyone from Fortune 500 organizations to individuals. This powerful partnership of two leaders in their space not only illustrates a huge vote of confidence by both parties, but also empowers developers to quickly address any security gaps resulting from using open source code.
It couldn’t be easier
This integration provides a frictionless experience developers can take advantage of immediately. And the good news is that developers don’t need to access a console or chase down a report; the plug-in is just there, ready to use. All developers have to do is click on the plug-in in IntelliJ IDEA and let it do the work of scanning for open source threats.
The plug-in provides security information about the OSS being used within IntelliJ, giving developers the ability to jump straight to deeper information from the extensive Checkmarx Threat Intelligence Database, which includes public information about OSS and deep, hands-on analysis by Checkmarx Threat Intelligence teams. This intelligence is provided to developers in a simple, seamless, and integrated format that delivers results without interrupting the developer workflow.
Regain your trust in open source
Now developers can regain their trust in open source by shutting the door on vulnerabilities while still leveraging all the goodness of open source. They can focus on writing great code.
Over the years there has been a growing realization that security is now a shared responsibility between development and security teams. Shifting as much security as possible to where applications are being coded allows organizations to remediate risks more easily with less pain and effort than if those risks aren’t identified until production, especially if an attacker finds them first.
Ultimately, no developer should feel uncertain when leveraging OSS, and whether they are designing apps for fun or work, it is much more productive when applications are built on secure foundations.
Together, Checkmarx and JetBrains make great apps, secure apps.
To find out more about Checkmarx SCA, check out the solution page here.
To dig into JetBrains and get your hands on IntelliJ IDEA for free, click here.