DefenseCode Group has announced that DefenseCode’s Static Application Security Testing (SAST) ThunderScan solution is now available as a GitHub Action, offering security vulnerability analysis across 30+ languages providing detailed vulnerability reports integrated into GitHub.
GitHub is a developer collaboration platform and home to more than 50 million users, 3 million organizations, and over 100 million repos. It recently announced the general availability of its code scanning feature, a developer-first, GitHub-native approach to easily find security vulnerabilities in code and before they reach production.
Coinciding with the launch of code scanning, DefenseCode Group has released a GitHub Action for the ThunderScan SAST solution. The added support for Static Analysis Results Interchange Format (SARIF) output, uploaded automatically by the ThunderScan GitHub Action, enables developers to access any security vulnerabilities identified by the analysis directly in the GitHub code scanning UI.
Code scanning scans code as it’s created and surfaces actionable security reviews within pull requests. It also prevents developers from introducing new vulnerabilities. Scans may be scheduled for specific days and times, or triggered automatically when a specific event occurs in the repository, such as a code push.
DefenseCode customers are now able to run cross-platform self-hosted runners provided by GitHub to customize the environment used to run ThunderScan Action jobs in their GitHub Actions workflows. ThunderScan SAST has a dedicated REST API client that is called upon from a GitHub Action with parameters to run the analysis against a target repository.
Self-hosted runners can be added at various levels in the management hierarchy:
- Repository-level runners are dedicated to a single repository.
- Organization-level runners can process jobs for multiple repositories in an organization.
- Enterprise-level runners can be assigned to multiple organizations in an enterprise account.
ThunderScan SAST GitHub Action will soon be accompanied by a ThunderScan SAST GitHub App, with continued enhancements to both.
In February 2022, WhiteSource acquired DefenseCode.