StackHawk, the company making application security testing part of software delivery, announced GitHub Pull Request Checks, a new feature expanding its GitHub Marketplace App to include pull request comments, commit statuses and scan tagging capabilities. Pull requests are at the heart of the development workflow, with over 83 million developers relying on GitHub pull requests to introduce new code, complete code reviews and review automated test results. Receiving feedback on security testing within these requests is a natural extension of this workflow. StackHawk’s GitHub Pull Request Checks incorporates security scan results into pull request comments, so developers can review findings in real-time, and easily jump to the StackHawk interface to triage or remediate a vulnerability if needed.
The new functionality also enables security and development teams to work more efficiently by linking StackHawk scans to the relevant GitHub branch and commits. Security and DevSec teams can leverage these details to provide valuable information as to when and where a vulnerability was introduced when collaborating with developers on complex fixes.
Also Read: Evolon Announces Appointment of Cynthia Keith to Board of Directors
“In today’s world, where applications and APIs are the number one attack vectors, giving developers the tools to fix vulnerabilities before an issue hits production is critical for all organizations,” said Joni Klippert, StackHawk co-founder and CEO. “StackHawk was built to put application and API security in the hands of developers, and while we’ve been the leader of developer-centric tooling in DAST, the next step forward is enabling developers to work on security issues within their normal environment and existing workflows. Integrating with GitHub repositories to deliver DAST results where developers are already monitoring code feedback and other software test results gets us even closer to completing our vision.”
Without a developer-first approach, traditional security cannot keep pace with the current speed of software development, as teams are expected to build and deploy new code daily or more frequently. Automating security feedback on every pull request and fixing vulnerabilities before production makes securing code part of the continuous development workflow, aligning security testing with other automated testing processes that are completed before deploying software.