DoControl’s approach to securing SaaS has always been to prioritize the applications that are critical to the business. Today, the acceleration of software delivery through DevOps processes is a core requirement to remain competitive in any market. GitHub is for developers by developers. It provides everything a developer needs from task management to version control, quality assurance to continuous integration, bug tracking, governance, security and so much more. DevOps and SecOps need to be married. Security matters.
Here’s why.
Consider the valuable intellectual property that exists within the 200+ million repositories. That's an attractive target for nefarious characters when you also realize that over 90% of the Fortune 100 are leveraging this platform. Earlier this week, Toyota publicly disclosed a data leak after access keys were exposed, warning their customers of potential personal information exposure. Some of Toyota’s source code was inadvertently published on GitHub and contained an access key to the data server that stored customer email addresses and management numbers. Blame was placed on a development subcontractor who made a pretty significant mistake in allowing that key to remain publicly accessible for almost 5 years. Yikes!
Of course, GitHub natively provides a number of useful security features, such as Secret Scanning, Code Scanning, Supply Chain Security, and Dependabot. That said, the same shared responsibility model that governs cloud technologies applies here as well. With all the threats present in today’s landscape (e.g. insider risk, unauthorized access, compromised identities, stolen credentials), there’s a case to be made for implementing multiple layers of security to better protect sensitive source code.
We here at DoControl are thrilled to advance our integrated technology program to include an integration with GitHub. GitHub is the world’s leading software development platform, bringing together the world's largest community of developers to discover, share, and build better software. We are very excited to be able to integrate The DoControl SaaS Security Platform with one of the most critical software development tools for the modern business.
Here’s the value the partnership brings:
DoControl provides a full inventory of users, assets, repos, and more within GitHub.
A Security Workflow reverts a publicized repo and automatically notifies SecOps.
A Security Workflow notifies the SecOps team of a disclosed CVE for investigation.
DoControl provides governance and remediation for third-party OAuth SaaS apps.
Software development security continues to be a top priority for organizations of any size and type, across every industry vertical. Creating a secure software development life cycle is no easy feat. However, when it's done effectively, it unlocks real business value. Design flaws can be removed before they are embodied in the code, security flaws are detected and eliminated more quickly, providing stronger business continuity, and you can ultimately go to market faster.
Please visit our partner listing in the GitHub Marketplace to learn more.