Lacework, the data-driven security company, announced a range of updates to its code security offering headlined by Smart Fix, a new capability for automated risk remediation. Initially released to identify and navigate common vulnerabilities and exposures (CVEs) in third-party and open-source software, Smart Fix will later extend to the full Lacework platform to improve remediation across the entire cloud-native application lifecycle.
Last November, Lacework introduced its code security offering, which unified code and cloud security and enabled enterprises to accelerate the delivery of secure cloud applications. With that release, Lacework introduced two forms of code analysis as nodes in its cloud native application protection platform (CNAPP): software composition analysis (SCA) evaluates third-party code for CVEs, while static application security testing (SAST) covers common weakness enumeration (CWE) for first-party code.
The Lacework approach to code security is unique and goes beyond basic functionality. It gives teams continuous visibility into exactly where vulnerable functions are used in the code, how often each vulnerability is referenced, and whether they are exploitable in running workloads. The approach creates unique value for customers, who gain an always-up-to-date software bill of materials (SBOM) for every direct and transient dependency within their software supply chain, and a keen understanding of open-source license risk.
Lacework SAST uses a sophisticated set of precise techniques to analyze call chains and control paths of an application, simplifying a security domain in which traditional tools provide noisy results, false positives, and missed weaknesses. The system learns when a developer has added compensating controls to mitigate risk, and the Lacework platform’s highly configurable engine allows security engineers to easily customize and add rules to meet the specific needs of their codebases. Lacework SAST is both fast and accurate, with low false positives and negatives.
Ultimately, the Lacework approach to code security empowers developers to quickly secure third-party and first-party code, and security teams to scale expert reviews to millions of lines of code per minute for their most exposed internet-facing applications.
Now, with Lacework Smart Fix, the unparalleled speed and accuracy of Lacework code security comes with automatic remediation for third-party code vulnerabilities.
SOURCE: PRNewswire