Announcing support for Python dependency checks, compliance insights [PCI 3.2 & SOC2], and integration with Synopsys Black Duck
With year-end quickly approaching, our engineering team is excited to announce general availability of Deepfactor v2.1. This release introduces a number of new features and enhancements, most notably a brand-new compliance module and native integration with Synopsys Black Duck. Users can also expect an improved Deepfactor Portal, with the dashboard providing rich compliance, supply chain, and security details at-a-glance.
Continue reading after the matrix to learn more about the new features and enhancements added in the latest version of Deepfactor!
Many data security and privacy regulations (e.g., PCI, CCPA, GDPR, SOC 2, etc.) contain requirements for application security with penalties for violations, not to mention legal ramifications, loss of business, and reputational damage in the event of a breach. Our newest module helps developers assess compliance status for applications by mapping our alerts—System Call Risks, Behavior Violations, and Vulnerabilities—to the Secure Control Framework. Armed with this information, developers now understand the impact application security might have on the company’s compliance goals.
Synopsys Black Duck Integration
Deepfactor references data from the National Vulnerability Database to provide developers with out-of-the-box CVE information for vulnerable dependencies and OS packages. However, Deepfactor enhances traditional artifact scanning by observing the running application to provide developers with prioritized results based on real-time usage information. In Deepfactor v2.1, this framework has been extended to support external Software Composition Analysis (SCA) tools.
We’re excited to announce our partnership with Synopsys Black Duck to bring Black Duck Security Advisories (BDSAs) to Deepfactor! With this integration, customers of Synopsys Black Duck and Deepfactor can expect enhanced and prioritized CVE information for vulnerable dependencies and OS packages.
Please stay tuned for additional announcements around this integration and partnership. In the meantime, visit our documentation for more information.
Given the number of features being added to Deepfactor each release, there’s been a growing need to provide developers with “glanceable,” easy-to-understand information on instrumented applications. In Deepfactor v2.1, customers are now greeted with a completely redesigned dashboard that highlights important, high-level information across the modules for supply chain, compliance, and security insights.
Visit our Release Notes for more information about our latest releases. And, as always, for those interested in learning more about Deepfactor and the improvements introduced in v2.1, you can request a demo.
Deepfactor is a cloud native application security platform that enables developers to quickly discover and resolve security vulnerabilities, supply chain risks, and compliance issues during development. The unified AppSec platform provides integrated artifact scanning (SCA, container scans, SBOM) and runtime visibility (IAST, DAST). Requiring no code changes, the Deepfactor runtime observability technology seamlessly plugs into cloud native architectures to observe telemetry and detect anomalies, providing developers with a prioritized and actionable list of contextual security risks. Deepfactor simplifies operations, reporting, remediation, and integrates AppSec into the CI/CD pipeline to drive the adoption of DevSecOps for modern enterprises.