MuseDev today announced it has made available on GitHub, under an early access program, a code analysis tool dubbed Muse that is designed to surface cybersecurity issues as pull requests are opened against a repository.
Company CEO Stephen Magill said rather than waiting to discover cybersecurity issues after an application is deployed, Muse makes it easier for IT teams to consistently employ best DevSecOps practices.
There’s general agreement that DevOps teams should assume more responsibility for application security as part of any quality assurance process. However, Magill said, DevOps teams have lacked tools that make it easy to incorporate security analysis into existing application development and deployment workflows.
Muse is also designed to surface cybersecurity issues in a way that is easier for developers to comprehend, said Magill. MuseBot automatically analyzes each pull request and delivers bug reports in GitHub as code review comments. In contrast, he noted, the code analysis tools employed by cybersecurity teams tend to produce lists of vulnerabilities without giving developers enough context to remediate, or even prioritize, them.
Muse is also designed to be a faster alternative, generating results in about 20 minutes, which means DevOps teams can address issues within their workflow rather than waiting for a report from a cybersecurity team, noted Magill.
Too often, code analysis tools also generate too many false positives, he said. Muse bundles a broad set of analyzers, such as ErrorProne, Infer and Pyre, for various cloud platforms, customized and configured to reduce alert noise. Muse also exposes an open application programming interface (API) that makes the platform fully customizable, Magill added.
Muse is available as a GitHub app that the company promises will always be free for open source projects and other public GitHub repositories. Analysis of private repositories is also available at no cost. A self-hosted Enterprise version for GitHub, Bitbucket and GitLab, scheduled to be generally available by the end of the year, is currently available as a private beta. MuseDev is also making a professional services team available to help organizations implement the platform.
The company itself was spun out of Galois, a research and development firm that specializes in cybersecurity.
In general, addressing cybersecurity issues after an application has been deployed in a production environment can cost organizations as much as 10 times more than fixing them earlier. Despite widespread awareness of that issue, adoption of best DevSecOps practices within many organizations remains relatively nascent. There’s a lot of interest in DevSecOps as a goal, but few organizations have been able to put the tools needed to construct security workflows into the hands of DevOps teams.
However, as more DevSecOps tools become available, chances are that in most organizations much of the progress will soon be driven from the bottom up rather than from the top down.