Orca Security Boosts Cloud-Native App Protection

The Orca Cloud Security Platform bridges the gaps between cloud and application security with new SAST, OSS License Scanning, and AI-Driven remediation capabilities

Orca Security, a leader in agentless cloud security, has introduced enhanced application security capabilities aimed at bridging the gap between security, DevOps, and development teams. These new features — including Static Application Security Testing (SAST), open-source license detection, and AI-driven remediation actions — provide a groundbreaking approach to cloud security by linking development risk and production more closely than ever before.

The Orca Cloud Security Platform offers end-to-end security and compliance coverage throughout the entire software development lifecycle. It includes features such as software composition analysis (SCA), secrets detection, infrastructure as code (IaC) security, and container image scanning. In addition, Orca connects production environment findings to their originating application development artifacts, enabling collaboration between security, development, and DevOps teams to swiftly address and resolve risks.

“There’s a symbiotic relationship between securing production and building secure applications that Orca is intently focused on supporting and nurturing. With these new capabilities, we’ve found, and seized, the opportunity for organizations to prevent security issues in production by both shifting left and generating code to fix issues already found in production,” said Gil Geron, CEO and Co-Founder of Orca Security. “Changing the way we develop applications to improve security will eliminate risk in the cloud and create tremendous opportunity ahead for Orca and our customers.”

Orca’s comprehensive code security scanning is bolstered by a robust set of built-in and customizable security policies that identify risks and prevent risky builds from progressing. These measures stop vulnerabilities, misconfigurations, and other security concerns from reaching production, reducing cloud alerts, and saving teams from lengthy remediation processes.

Key new AppSec features in the Orca Cloud Security Platform include:

  • Static Application Security Testing (SAST): According to Orca’s 2024 State of Cloud Security Report, 62% of organizations face severe vulnerabilities in their code repositories. Addressing these vulnerabilities early in the Software Development Lifecycle (SDLC) is essential to reducing risk. Orca’s fully integrated SAST solution scans custom code against a broad set of security policies to detect and secure vulnerabilities in first-party codebases. These policies serve as guardrails, ensuring secure coding practices by blocking risky builds and alerting developers to issues.
  • Open-Source License Detection: Open-source software (OSS) is a crucial component of many commercial codebases, offering productivity benefits but also exposing organizations to hidden risks, such as licensing requirements. Orca’s AppSec solution helps users address these issues before projects reach production. It enables easy searching of licenses in runtime across all assets and installed packages, providing full visibility into each license, its classification, and relevant metadata. This allows organizations to identify potential violations, mitigate legal risks, and support compliance efforts.
  • AI-Driven Remediation for Code: Fixing runtime misconfigurations can lead to recurring risks in future deployments. Yet, correcting issues at the source in complex, fast-moving cloud-native environments is often challenging. Orca’s AI-Driven Remediation streamlines this process with one-click pull requests (PRs) directly from the Orca Platform. Teams can now identify misconfigurations, address them at their source, and implement secure changes with ease. This acceleration in code attribution and remediation significantly enhances both cloud and application security. Additionally, Orca seamlessly integrates with GitHub, GitLab, and Azure DevOps, enabling users to leverage one-click PRs within their preferred source code management (SCM) platform.

This unified approach from Orca Security marks a significant shift in securing cloud-native applications, empowering development and security teams to collaborate more effectively, prevent issues early, and respond to risks swiftly.