Hi, Atomist co-founder here. We developed a feature that checks if a pull request introduces _new_ critical vulnerabilities in order to catch them before they get merged and deployed. Emphasis is on "new" vulnerabilities added in the PR, not pre-existing vulnerabilities.
This is for AppSec and security-minded engineers who want to make sure things don't get worse, but also don't want to block shipping because of existing vulnerabilities.
It's in early access mode. We're interested in feedback on this approach to preventing new vulnerabilities.
You'll need a personal GitHub account and a Docker Hub account to try it out.
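One way to implement the "new, not pre-existing" distinction the comment above describes, as an added example that is not Atomist's code: scan the base branch and the PR head, then diff the two reports. The report format, the package names and the `VULN-nnn` identifiers are all constructed for the example. Findings are keyed on (vulnerability id, package) rather than on the exact version, so a PR that merely bumps a package to another version still affected by the same vulnerability is not blamed for introducing it, while a vulnerability that arrives with a newly added dependency is.

```python
"""Flag only the critical vulnerabilities a pull request introduces.

Added example, not Atomist's code. Two hypothetical scan reports are
embedded inline: one for the base branch, one for the PR head. The
report shape and all ids/packages are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str    # advisory identifier (hypothetical here)
    package: str    # affected package
    version: str    # version found in the scanned tree
    severity: str   # e.g. "critical", "high", "medium", "low"


# Constructed base-branch scan: one critical, one high already present.
BASE_SCAN = [
    Finding("VULN-001", "liba", "1.0.0", "critical"),
    Finding("VULN-002", "libb", "2.1.0", "high"),
]

# Constructed PR-head scan:
#  - VULN-001 persists after a liba version bump (pre-existing, not new)
#  - VULN-003 arrives with a newly added dependency libc (new, critical)
#  - VULN-004 is new but only "high", so it does not block
#  - VULN-002 is untouched (pre-existing)
PR_SCAN = [
    Finding("VULN-001", "liba", "1.1.0", "critical"),
    Finding("VULN-003", "libc", "0.4.2", "critical"),
    Finding("VULN-004", "libb", "2.1.0", "high"),
    Finding("VULN-002", "libb", "2.1.0", "high"),
]


def _key(f: Finding) -> tuple[str, str]:
    # Identity of a finding for diffing purposes: which advisory, which
    # package. Version is deliberately excluded so that a bump to another
    # still-affected version is not counted as a newly introduced issue.
    return (f.vuln_id, f.package)


def new_findings(base: list[Finding], head: list[Finding],
                 severities: tuple[str, ...] = ("critical",)) -> list[Finding]:
    """Findings present in head, absent from base, at the given severities."""
    known = {_key(f) for f in base}
    fresh = [f for f in head if f.severity in severities and _key(f) not in known]
    return sorted(fresh, key=_key)


def fixed_findings(base: list[Finding], head: list[Finding]) -> list[Finding]:
    """Findings present in base that the PR removes (useful to report too)."""
    remaining = {_key(f) for f in head}
    return sorted((f for f in base if _key(f) not in remaining), key=_key)


def should_block(base: list[Finding], head: list[Finding]) -> bool:
    """Block the PR only if it adds a critical finding; existing debt passes."""
    return bool(new_findings(base, head))


if __name__ == "__main__":
    for f in new_findings(BASE_SCAN, PR_SCAN):
        print(f"NEW {f.severity}: {f.vuln_id} in {f.package} {f.version}")
    for f in fixed_findings(BASE_SCAN, PR_SCAN):
        print(f"FIXED: {f.vuln_id} in {f.package}")
    print("block:", should_block(BASE_SCAN, PR_SCAN))
```

The same diff applied to base against itself (or to a PR that only carries forward existing findings) yields nothing, which is the property the comment is after: the check never penalises a change for debt that was already there.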
... chiming in as one of the co-creators of this feature. The ability to quickly ascertain whether a change will increase security debt ends up having a positive impact on code reviews too. It's useful to have a spotlight shining on these particular pull requests.