GrammaTech, a specialist in application security testing products and software research services, has announced a technology partnership with GitLab, the single application for the DevOps lifecycle. As part of the alliance, the GrammaTech CodeSonar® Static Application Security Testing (SAST) product is now integrated with GitLab’s Ultimate DevSecOps platform, allowing customers to implement code analysis early and directly within CI/CD pipelines.
Development teams are under constant pressure to meet aggressive deadlines for delivering new software, with rolling releases and agile development practices pushing new features and code quickly into production. GrammaTech CodeSonar® is designed to shift security left in DevSecOps by detecting and eliminating bugs and vulnerabilities at the earliest stages of the development cycle. The integration of CodeSonar with GitLab enables organizations to develop and release high-quality, secure software that is free from harmful defects and exploitable weaknesses, which can cause system failures, enable data breaches and increase liability.
“Through this strategic partnership and integration, GrammaTech CodeSonar and its unique static application security testing capabilities are now natively available to development teams from within the GitLab CI/CD pipeline,” said Vince Arneja, Chief Product Officer at GrammaTech. “This enables security to move seamlessly from testing into development workflows, allowing enterprises to transform secure coding and accelerate software delivery.”
“GitLab is pleased to welcome GrammaTech as a strategic partner,” said Michelle Hodges, VP – Global Channels at GitLab. “The company’s enterprise SAST expertise and CodeSonar product are a natural fit for our customers in the automotive, IoT and aerospace sectors.”
The GrammaTech module for GitLab provides native SAST capabilities that scan code for defects within CI/CD pipelines and eliminates the need for any integration and maintenance by users. It enables customers to assess code continuously, avoiding the costly mistakes and rework associated with waiting until the testing phase to scan for security problems.