by: DefenseCode

DefenseCode Group is proud to announce that DefenseCode’s Static Application Security Testing (SAST) ThunderScan® solution is now available as a GitHub Action, offering security vulnerability analysis across 30+ languages and providing detailed vulnerability reports integrated into GitHub.

GitHub is a developer collaboration platform and home to more than 50 million users, 3 million organizations, and over 100 million repos. It recently announced the general availability of its code scanning feature, a developer-first, GitHub-native approach to easily find security vulnerabilities in code before they reach production.

Coinciding with the launch of code scanning, DefenseCode Group has released a GitHub Action for the ThunderScan® SAST solution. The added support for Static Analysis Results Interchange Format (SARIF) output, uploaded automatically by the ThunderScan® GitHub Action, enables developers to access any security vulnerabilities identified by the analysis directly in the GitHub code scanning UI. Code scanning scans code as it’s created and surfaces actionable security reviews within pull requests. It also prevents developers from introducing new vulnerabilities. Scans may be scheduled for specific days and times, or triggered automatically when a specific event occurs in the repository, such as a code push.

DefenseCode customers are now able to run cross-platform self-hosted runners provided by GitHub to customize the environment used to run ThunderScan® Action jobs in their GitHub Actions workflows. ThunderScan® SAST has a dedicated REST API client that is invoked from the GitHub Action with parameters to run the analysis against a target repository.

Self-hosted runners can be added at various levels in the management hierarchy:

  • Repository-level runners are dedicated to a single repository.
  • Organization-level runners can process jobs for multiple repositories in an organization.
  • Enterprise-level runners can be assigned to multiple organizations in an enterprise account.
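An illustrative workflow showing how such a scan plugs into GitHub code scanning, added here and not taken from DefenseCode's published documentation: it runs on a self-hosted runner, triggers on push, pull request and a weekly schedule, and delivers results as SARIF. The scan step's action reference, inputs and secret name are placeholders, since the page does not give them; the announcement says the ThunderScan® Action uploads SARIF itself, so the separate upload step below only shows the standard GitHub mechanism that upload corresponds to.

```yaml
# Added illustration, not DefenseCode's workflow. The scan step's action
# reference, inputs and secret name are placeholders; the trigger, permission
# and SARIF-upload syntax are standard GitHub Actions features.
name: ThunderScan SAST

on:
  push:
    branches: [main]
  pull_request:                # findings surface as reviews on the PR
  schedule:
    - cron: "0 2 * * 1"        # scheduled run: every Monday, 02:00 UTC

permissions:
  contents: read
  security-events: write       # needed to publish SARIF into code scanning

jobs:
  sast:
    runs-on: self-hosted       # repository-, organization- or enterprise-level runner
    steps:
      - uses: actions/checkout@v3

      # Placeholder: substitute the real ThunderScan Action reference and inputs
      - name: Run ThunderScan SAST
        uses: ORG/THUNDERSCAN-ACTION@VERSION          # placeholder
        with:
          api-key: ${{ secrets.THUNDERSCAN_API_KEY }}  # placeholder secret name
          output: thunderscan.sarif                    # placeholder input

      # Standard GitHub upload step; shown for clarity, redundant if the
      # scanner action already uploads its SARIF report itself
      - name: Upload SARIF to code scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: thunderscan.sarif
```

Once the SARIF is uploaded, each finding appears under the repository's Security tab and as an annotation on the pull request that introduced it.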


ThunderScan® SAST GitHub Action will soon be accompanied by a ThunderScan® SAST GitHub App, with continued enhancements to both.


About DefenseCode

DefenseCode is a privately owned company founded in 2010, committed to delivering application security solutions that are fast, effective, and easy to use. We aim to exceed the highest standards of threat detection. We offer commercial security solutions for SAST and DAST, and a range of consulting and assessment services to help organizations measure and improve their security posture, with clients in Banking, Finance, Defense, and Telecommunications.