The following article briefly explains the concept of Secure Code and reviews the solutions we offer in this domain.

In addition to development tools and DevOps solutions, we offer a variety of Secure Code Development solutions
and assistance in securing cloud applications (AppSec).
We provide an end-to-end solution including specification, planning, assistance in selecting appropriate tools, implementation, integration with tools and development processes, support / managed services, and licensing.
The following article details the tools, services, and training we offer.
For more details, please contact us: devsecops@almtoolbox.com or by phone: 866-503-1471 (USA / Canada) or +31 85 064 4633
Table of Contents:
- What is Secure Code?
- List of Secure Code Development Tools We Distribute and Support
- List of Services and Solutions We Offer Around Secure Code Development
- Training for Secure Code Development
What is Secure Code?
Secure code is a collection of practices for developing software safely and securely as an integral part of the development process itself (rather than separately),
ensuring that information security is integrated throughout the development lifecycle (rather than just at the end).
Secure code development has several goals, including:
- Rapid bug detection (“Shift Left”)
- Protecting the users of the application we are developing
- Secure code for defense against unauthorized users
- Protecting the development, build, and integration processes of the product
List of Secure Code Development Tools We Distribute and Support:
We can help you choose the tools that best suit your needs, according to your requirements, environment, and budget.
- SonarQube (Static Code Scanning, SAST, assistance in writing clean and secure code in 29 languages). We also offer support and managed services.
- GitLab + GitLab CI (A suite of secure code tools as part of the development process: SAST, DAST, API, SCA, Secret Detection, Container scanning, Fuzz Scanning). We also offer support and managed services.
- HashiCorp Vault (Secrets Management)
- AppScan (DAST solution for application security including API Security)
- HashiCorp Consul (Service Discovery and Service Mesh solution)
- Vault Plus (Solution for managing secrets based on Vault open source)
- Sysdig (Monitoring and security for containers and Kubernetes; Managed Prometheus option)
- Fossa (SCA solution for Vulnerability Management and License Compliance for open source libraries)
- Socket Dev (SCA solution for Vulnerability Management, Malware detection, and SBOM creation)
- Docker – Allows containerization of your applications (with Docker Desktop); search and sharing of ready-made images (via Docker Hub); vulnerability detection in images (via Docker Scout) and more
- SourceGraph (Solution that provides alerts on code vulnerabilities and allows automatic fixing across the entire codebase)
- SonarCloud (SaaS/Cloud solution for static code scanning)
- SonarLint (Free plugin for IDEs)
- Secrets Management solutions (On-prem / SaaS / Hybrid)
- HashiCorp Boundary – Secure Remote Access – (Modern replacement for VPN)
- LastPass – Password Management
- Mattermost (Secure chat for development environments / alternative to Slack and WhatsApp)
- GitHub Advanced Security (Suite of secure development tools on top of GitHub)
- Atlassian Guard (formerly Access) – Secure access and SSO solution for Jira, Confluence, Bitbucket, and Atlassian add-ons
- Azul (Java security updates and Java support)
- Terraform (Includes Drift Detection)
- Spacelift – A product for developers and security teams that identifies Drift in Terraform, AWS CloudFormation, and Pulumi, and offers remediation paths
List of Services and Solutions We Offer Around Secure Code Development:
- Planning and building development processes, DevOps processes, and CI/CD processes that include secure development
- Assistance with secure code development around GitLab (including the Free version) – Including CI processes and Secure CI
- Assistance with secure code development around GitHub – Including CI processes and Secure CI
- Development of secure processes around git (such as protecting repositories from unauthorized users)
- Implementation via SCM tools such as GitHub, GitLab, Bitbucket, SonarQube
- Implementation via code/app scanning tools such as SonarQube, SonarCloud, GitLab, Fossa, Vault
- Implementation via CI tools such as GitHub Actions, GitLab CI/CD, Azure DevOps, Jenkins
- Variety of solutions for Secrets Management
- Managed solution for secrets management using HashiCorp Vault
- Solution for organizational password management such as LastPass, 1Password
- Secure remote access solutions based on VPN or next-gen (such as Boundary)
- Managed service for your SonarQube environment (Self-hosted) or in the cloud
- Managed service for your GitLab environment (Self-hosted) or in the cloud
- Managed service for your GitHub environment (Self-hosted) or in the cloud
- Drift Detection services
Training for Secure Code Development:
We offer a variety of training courses on this subject – contact us: devsecops@almtoolbox.com or by phone: 866-503-1471 (USA / Canada) or +31 85 064 4633



