Thursday, September 29, 2022

AutoRabit tool seeks to simplify Salesforce security for DevOps – TechTarget

AutoRabit’s CodeScan Shield, released this week, enables Salesforce development teams to check for compliance as well as code vulnerabilities across the entire Salesforce landscape from sandboxes to production.
CodeScan Shield has two modules: CodeScan, an existing application security testing module that AutoRabit acquired in 2021; and OrgScan, a new policy management module that controls who has access to components of an enterprise’s Salesforce environment. The platform aims to simplify security scanning, which is needed as security continues to shift left, placing more responsibility for security on developers, according to industry analysts.
“AutoRabit is extending the static analysis beyond code scanning for security issues,” said Jack Poller, analyst at Enterprise Strategy Group (ESG), a division of TechTarget. “With OrgScan, DevOps teams are able to evaluate how well the application adheres to security and compliance policies.”
Checking for organizational compliance, such as adherence to a multifactor authentication policy, is usually not part of static application security testing (SAST) tools because these are policy violations, not code issues, he said.
Besides extending security checks, CodeScan Shield aims to simplify the security process inside Salesforce by providing a dashboard that alerts team members when violations occur, said Eric Pearson, senior product manager at AutoRabit.
Finding ways to simplify the security process is vital because when security tools or processes take too long or require security expertise, developers will push the code with vulnerabilities, said Melinda Marks, analyst at ESG. Salesforce customers put highly sensitive data into the application, so it’s important to ensure secure development to protect all that data, she said.
“Not catching mistakes leaves you vulnerable to security issues,” Marks said. “Our research shows most organizations suffer serious consequences from security incidents caused by misconfigurations that could be prevented by implementing static testing to ensure that when code is released, it has been tested and is secure.”
There is a growing need for simplified tools because surging security threats are one of the consequences of continuous delivery, said Charlotte Dunlap, research director at analysis firm GlobalData.
“These tools also reflect the growing trend toward shift left or IaC — infrastructure as code — placing more responsibility with the developer for integrating security earlier into the application development process,” Dunlap said.
Other SAST and software composition analysis tools addressing Salesforce include SonarQube, Checkmarx, Snyk and Veracode. But AutoRabit claims better coverage for Salesforce programming languages, ESG’s Marks said. The key to whether these types of tools will get accepted and used is how much they automate or reduce manual and tedious tasks, she said.
CodeScan Shield users can connect to Salesforce via an API call. At the time of publication, AutoRabit had not made CodeScan Shield's pricing structure public.