Orca Security announced a cloud security solution to provide context-aware Shift Left Security for cloud infrastructure and applications.
Orca Security helps DevOps teams understand the potential impact of security issues on cloud application production environments, and fix those issues earlier in the software development lifecycle (SDLC), while also providing security teams with automated remediation to prevent security issues from progressing across the SDLC.
Orca’s new command-line interface (CLI) called Orca CLI enables developers and DevOps teams to quickly scan locally hosted images and IaC templates, view results directly in developer tools, and surface findings within the Orca platform. Orca CLI supports any standard CI tool, such as GitHub Actions, Jenkins, CircleCI, Bamboo, or Bitbucket. Developer and DevOps workflows can now include scanning for vulnerabilities, secrets, malware, and compliance issues.
“Organizations continue to adopt cloud-native architectures and want to ship their applications as quickly as possible while ensuring they are secure in production. Previously, organizations needed multiple tools to secure each part of the application lifecycle which resulted in a lack of shared context across each phase of development and runtime,” said Avi Shua, co-founder and CEO for Orca Security. “At Orca Security, we believe that both DevOps and security teams deserve context-aware security across the entire application lifecycle in a single platform – by shifting security left into development and automatically remediating risks in production.”
Unifying cloud security across the full application lifecycle
Security leaders are responsible for all aspects of security governance, including ensuring that applications are fully tested and secured in production. Orca Security delivers Shift Left Security capabilities securely across the Build, Deploy, and Run phases of the software development lifecycle to help companies detect critical risks and meet compliance mandates:
- Build: Container images and IaC templates are scanned for vulnerabilities and misconfigurations on the developer desktop or as part of regular, continuous integration and continuous delivery (CI/CD) workflows. This context-aware process takes into consideration both the current run time environment as well as the deployed code to deliver a dramatic improvement in accuracy.
- Deploy: Registries are continually monitored to ensure application artifacts are secure before deployment, with guardrail policies in place to prevent insecure deployments. Continuous monitoring also identifies secrets such as when private keys are found as part of a CI scan that could allow lateral movement within a cloud estate.
- Run: Production environments are also monitored for risks with contextual and prioritized alerts, risks are remediated automatically, and data integrates with modern ticketing and notification tools.