Harness STO Module Enables Developers to Deliver Highly Secure Applications, Accelerate Deployment Velocity and Minimize Rework
Harness, the Modern Software Delivery Platform™ company, today announced the general availability of Harness Security Testing Orchestration (STO). The Harness STO module helps organizations deliver business value to their customers more quickly by increasing release velocity and security in deployments, reducing risk and bringing security to all aspects of the software delivery lifecycle (SDLC). Harness STO eases developer workload by automating security scanning and governance in software delivery. To get started with Harness STO, visit https://harness.io/products/security-testing-orchestration.
Standard application security testing practices were not necessarily built with either speed or transparency in mind. Organizations today recognize that increasing the velocity of software delivery through automation is critical to rapidly delivering value to customers. As DevOps continues to gain popularity for rapid software delivery, concerns about how quickly application security vulnerabilities and associated risks can be identified and remediated have increased.
To address these concerns, leading organizations are adopting a DevSecOps approach, which encourages security automation throughout the entire release process and moves security earlier in the software delivery lifecycle (SDLC). While DevSecOps alleviates many late-stage security concerns and the related rework, it also ‘shifts left’ the work required by developers. As a result, developers need to balance the quality and speed at which they deliver features. Since there is significant time dedicated to running multiple security scanners, processing the large amounts of disparate data they create, and identifying, prioritizing and remediating the security vulnerabilities that are detected, this approach often slows down release velocity.
According to a recent Gartner® report on DevSecOps, “As DevOps continues to gain popularity for rapid delivery and innovation of IT-enabled capabilities, concerns about security increase. Security and risk management leaders must adapt security tools, processes and policies to the DevOps toolchain without slowing the development and release process. …DevOps practices encourage automation to achieve scale, but security has traditionally been manual, process-heavy and gate-driven — the antithesis of automation, transparency and speed.”
* (Gartner Report ID # G00377293, “Integrating Security into the DevSecOps Toolchain”)
The Harness STO module is fully integrated into the Harness Software Delivery Platform and is purpose-built to enable engineering and DevSecOps teams to deliver secure applications at high velocity. By automating the scanning, analysis, and prioritization that otherwise slows down the engineering team, Harness STO makes it possible to create and enforce application security policies for a single service or across the whole organization. Orchestrating application security scanners across software delivery and processing the output of the scanners to make it easy for engineers to remediate allows for both high application security and high delivery velocity. Harness STO integrates with leading open source and commercial security scanners and can be used with Harness CI/CD or other CI/CD tooling.
Harness STO eliminates the time-consuming manual process of reviewing, synthesizing and acting on the volume of disparate data from multiple scanners. Harness STO normalizes, deduplicates and correlates the security scanner data and provides a single dashboard with a prioritized list of actionable results to remediate potential code vulnerabilities. Additionally, Harness STO empowers teams to customize governance configuration and establish consistent policies and procedures using policy as code and the Open Policy Agent (OPA).
“As more organizations adopt a cloud-native approach, they must take steps to secure their SDLC. With Harness STO, entire organizations can embrace the DevSecOps approach without requiring developers to become security experts or slowing down deployments. Harness STO makes security a team sport by infusing security into all aspects of the SDLC,” said Jyoti Bansal, CEO and founder of Harness.
Harness STO is generally available today and works seamlessly with Harness CI and CD as part of the Harness Software Delivery Platform or is available as a SaaS, on-prem or hybrid offering. For more information on Harness STO please visit https://harness.io/products/security-testing-orchestration.
*Gartner, Integrating Security Into the DevSecOps Toolchain, Mark Horvath, Neil MacDonald, Refreshed 4 March 2021, Published 15 November 2019
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.