Orca Security Unveils Industry’s First Context-Aware Shift Left Security to Identify and Prevent Cloud Application Security Issues Earlier in the Development Cycle
Enterprises can now ship more secure code to production by unifying security across software development, DevOps, and security teams
PORTLAND, OR – May 11th, 2022 – Orca Security, the cloud security innovation leader, today announced the industry’s first cloud security solution to provide context-aware Shift Left Security for cloud infrastructure and applications. Orca Security helps DevOps teams understand the potential impact of security issues on cloud application production environments, and fix those issues earlier in the software development lifecycle (SDLC), while also providing security teams with automated remediation to prevent security issues from progressing across the SDLC.
Orca’s new command-line interface (CLI), called Orca CLI, enables developers and DevOps teams to quickly scan locally hosted images and IaC templates, view results directly in developer tools, and surface findings within the Orca platform. Orca CLI supports any standard CI tool, such as GitHub Actions, Jenkins, CircleCI, Bamboo, or Bitbucket. Developer and DevOps workflows can now include scanning for vulnerabilities, secrets, malware, and compliance issues.
“Organizations continue to adopt cloud-native architectures and want to ship their applications as quickly as possible while ensuring they are secure in production. Previously, organizations needed multiple tools to secure each part of the application lifecycle, which resulted in a lack of shared context across each phase of development and runtime,” said Avi Shua, co-founder and CEO for Orca Security. “At Orca Security, we believe that both DevOps and security teams deserve context-aware security across the entire application lifecycle in a single platform – by shifting security left into development and automatically remediating risks in production.”
Unifying Cloud Security Across the Full Application Lifecycle
Security leaders are responsible for all aspects of security governance, including ensuring that applications are fully tested and secured in production. Orca Security delivers Shift Left Security capabilities securely across the Build, Deploy, and Run phases of the software development lifecycle to help companies detect critical risks and meet compliance mandates:
- Build: Container images and IaC templates are scanned for vulnerabilities and misconfigurations on the developer desktop or as part of regular continuous integration and continuous delivery (CI/CD) workflows. This context-aware process takes into consideration both the current runtime environment and the deployed code to deliver a dramatic improvement in accuracy.
- Deploy: Registries are continually monitored to ensure application artifacts are secure before deployment, with guardrail policies in place to prevent insecure deployments. Continuous monitoring also identifies secrets, such as private keys found during a CI scan, that could allow lateral movement within a cloud estate.
- Run: Production environments are also monitored for risks with contextual and prioritized alerts, risks are remediated automatically, and data integrates with modern ticketing and notification tools.
Note: All of the mentioned features will be available in Q2, 2022.
About Orca Security
Orca Security provides instant-on security and compliance for AWS, Azure, and GCP – without the gaps in coverage, alert fatigue, and operational costs of agents or sidecars. Simplify cloud security operations with a single CNAPP platform for workload and data protection, cloud security posture management (CSPM), vulnerability management, and compliance.