Leading code analysis platform adds robust SAST security checks to provide a holistic code quality solution for all software development teams.
LISBON, Portugal, Jan. 19, 2024 /PRNewswire-PRWeb/ -- As cybersecurity risks for companies continue to soar yearly, exacerbated by the rapid rise of AI coding assistants, the imperative for robust and affordable code security solutions has never been more evident.
Codacy, a platform that combines dozens of open source and commercial integrations to help software development teams ship clean, high-quality code faster, is extending its static application security testing (SAST) capabilities with an integration to Semgrep, a rising AppSec player.
Like Codacy's Quality solution—which automatically checks code against thousands of rules and standards—Security will also provide automated security analysis and issue detection upstream in the development lifecycle before code ever gets merged.
In late 2023, Codacy affirmed its position to provide application security results to developers by integrating Trivy—offering comprehensive supply chain security analysis, scanning open-source libraries for vulnerabilities. The Lisbon-based tech company now partners with another industry-leading AppSec tool, Semgrep, adding thousands of new SAST security rules to Codacy's code analysis engine, giving developers a more comprehensive and accurate set of results.
"When it comes to security, organizations need to trade off thoroughness and management complexity of suppliers and tools. With Codacy Security, we want companies to have comprehensive software security coverage without needing dozens of expensive and workflow-changing tools. We also believe security is akin to a fundamental right, so affordability is a principle we're following. Today is a milestone for us and our customers as we eliminate the tradeoff and provide affordable security for teams of all sizes." - Jaime Jorge - Codacy CEO
Codacy Security will be made up of seven key pillars, three of which will analyze code from the inside out (Static Analysis, Supply Chain Security, Secrets, and Infrastructure-as-Code). Throughout 2024, Codacy will add support to analyze code from the outside in as well (Cloud Security Posture Management, Dynamic Application Security Testing, and Penetration Testing).
The newest Semgrep SAST rules check code for security issues across 19 popular programming languages and offer comprehensive OWASP Top 10 coverage to keep code secure and compliant with industry regulations like PCI-DSS, HIPAA, SOC 2, and more.
According to our VP of Engineering, Kendrick Curtis, Codacy users can expect a steady influx of new security integrations over the coming year: thoughtfully selected and complementary tools that give developers the peace of mind that comes with knowing that their code quality and security are in good hands.
Combining a robust set of security tools with industry-leading quality and coverage solutions for the same affordable price will make more expensive tools from companies like Snyk, Veracode, and GitHub Advanced Security harder to justify when they deliver the same or even fewer results.
"Application security tooling has been overpriced and overcomplicated for too long. It's time to shift AppSec left into a place developers want to engage with at a price anyone can afford. Bringing deeper security integration into Codacy alongside code quality and test coverage gates is a win-win." - Kendrick Curtis - Codacy VP of Technology
Founded in 2014, Codacy integrates with almost any development workflow and supports over 49 programming languages and frameworks, providing development teams with data-driven insights into code quality, coverage, security, compliance, and team performance.
The Lisbon-based tech startup most recently raised a $15M Series B funding round in 2022, led by Bright Pixel Capital.