DevSecOps tool, SaaS
Application Analysis
Five application security analysis types in one solution, all integrated into the development pipeline.
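Static Analysis (white-box testing)
- Feedback While Coding: integrates with the IDE, gives real-time feedback, and provides remediation guidance
- Fast Results: scans at compile time and can abort the compile
- Satisfying Auditors: full assessment to ensure compliance; provides a sandbox environment for testing policy
- High Accuracy
- Integrated Into Tooling: integrates with many services and also provides an API
- Focus On Fixing: developers get recommendations, guidance, and video tutorials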
Software Composition Analysis
- Leverage Open Source
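- Identify Vulnerabilities In Open Source: scans for known vulnerabilities and suggests version updates
- Get Fast Feedback: can be integrated and scanned in both pipelines and the IDE
- Find More Than NVD (National Vulnerability Database)
- Prioritize Vulnerabilities: traces down to the execution path to determine priority
- Assess Dependencies Several Layers Deep: libraries referenced by open-source libraries are scanned too
- Get Remediation Guidance And Automation: provides upgrade suggestions and can even open a Pull Request directly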
Interactive Analysis
- Embed DevSecOps In The Pipeline
- Find Vulnerabilities Fast: uses the existing QA stage to find issues
- Simplify Testing: one agent tests multiple programming languages
- Get Accurate Results: reduces false positives and duplicate results
- Customize Vulnerability Checks
Dynamic Analysis (black-box testing)
- Reduce Risk From Web Apps
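- Scan In Parallel: tests thousands of web applications at the same time
- Remediate With Actionable Data: shows how the application was attacked and how it responded, and provides remediation guidance
- Scan Non-Public Apps: uses a Gateway to scan applications that are not on the public internet
- Integrate With The Build Process: can integrate with build tools or be triggered via the API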
- Easily Scan Behind Login Screens
Discovery
- Protect Unknown Apps
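- Map Attack Surface: discovers and identifies web applications
- Easily Set Up Scans: integrates with Dynamic Analysis to simplify the discover-and-scan workflow
- Scope M&A Risk: security audit of the acquired company's web applications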
- Reduce Attack Surface
Manual Penetration Testing
Developer Enablement
Veracode provides developers with security feedback in their IDE in seconds as they are writing code, helping them learn on the job.
Empower Development Teams
- Security feedback in the IDE in seconds
- Fix-first recommendations alongside findings
- Automated fix advice
- Code reviews with secure coding experts
- eLearning for developers and security champions
Focus on Fixing
Reduce New Flaws
DevSecOps in the Pipeline
Developer Training
- eLearning
- Instructor-Led Training
- Developer Workshops
AppSec Governance
Veracode helps security teams to demonstrate the value of AppSec.
Define Program to Achieve Goals
- risk reduction
- compliance with internal policies
- contractual requirements, laws and regulations
Scale Through Best Practices
Demonstrate program success to stakeholders using proven metrics
Policy Management
Remediation Management
Analytics & Reporting
Veracode Verified
Success Programs
Other
Web Application Scan by DynamicDS
Mobile Application Security
Vendor Application Security
Pricing
Official estimate: €7 per vulnerability