SOLUTION BRIEF
Contrast Security Integrate with DevOps Chat Tools
Executive overview
The Contrast Application Security Platform integrates with common chat tools such as Slack and Microsoft Teams to help improve workflow orchestration and accelerate application delivery. Contrast’s approach improves both communications and collaboration across development, security, and operations teams. It incentivizes remediation of vulnerabilities, modernizes DevOps workflows, and ultimately expedites the delivery of high-quality code.
Bridging the gap between application security and developers
Nearly 90% of developers report that the largest hindrance to productivity is a disconnect between development and security workflows.1 This disconnection between security and development extends to many of the tools used for continuous integration/continuous deployment (CI/CD). To build applications with deference to both speed and security, developers must be able to address vulnerability issues in real time with the rest of their build, test, and repair cycle. Therefore, organizations need application security that integrates with existing tool sets—including chat tools like Slack and Microsoft Teams.
Teams are siloed by their tools—each team has their favorite and is optimized to work within these specialized tools only. It is difficult to collaborate and troubleshoot across the stack due to a lack of visibility.2
The Contrast Application Security Platform
The Contrast Application Security Platform offers an instrumentation-based approach to application security testing (AST) that automatically identifies software vulnerabilities while developers are writing original code and building with open-source components.
Contrast’s platform includes Contrast Assess interactive application security testing (IAST) and Contrast SCA open source security solutions. It also includes Contrast Protect runtime application self-protection (RASP) to extend security protection into production. These solutions provide contextual information such as dataflow analysis as well as actionable fix guidance to support rapid vulnerability remediation with CI/CD practices. Contrast integration with popular chat tools (including Slack and Microsoft Teams) improves visibility and communications between security and development teams and helps to establish a true DevSecOps culture within the organization.
ChatOps integration—improving communications and productivity
Organizations need to track high-priority vulnerabilities and remediation status on code issues to foster better cooperation across development, security, and operations. ChatOps tools facilitate instant communications across all team members working on an application—even if they are in different locations around the globe.
Using a chat tool that integrates with application security helps eliminate obstructions, align objectives, and streamline information sharing for more efficient vulnerability remediation within CI/CD processes. Issues can be addressed as they arise by available team members to increase efficiency and productivity. The Contrast Application Security Platform’s integration with chat tools provides organizations with automatic security updates based on severity of a vulnerability. It provides all teams with real-time notifications regarding vulnerability issues and resolution activities.
It is essential in DevSecOps to communicate the responsibilities of security of processes and product ownership. Only then can developers and engineers become process owners and take responsibility for their work.3
Contrast integration capabilities
Contrast’s integration into a team Slack channel or similar chat tool establishes comprehensive observability of security and remediation issues across different functional roles. It supports real-time communications for alerts, assigns roles, and troubleshoots repairs while fostering direct conversations and better collaboration among team members.
Contrast benefits to application security
Contrast’s approach offers benefits to application security teams, including:
- Enabling all parts of the team to receive current security updates throughout the DevSecOps workflow
- Reducing lag time for all team members learning about a vulnerability issue
- Helping organizations “shift left” by fixing vulnerabilities in development, rather than later in the SDLC (which is more expensive)
For 40% of organizations, the main value of security integration with the DevOps toolchain (DevSecOps) is that it fosters a high level of collaboration between their development, infrastructure management, application owners, and cybersecurity stakeholders.4
Contrast benefits to developers
Contrast chat tool integration also provides direct and tangible benefits to application developers, such as:
- Increasing the amount of quality time available for coding
- Reducing unplanned work interruptions due to context switching for security issues
- Decreasing the total amount of time spent on vulnerability remediation per application
Driving remediation, accelerating DevSecOps
The “shift-left” approach to security must be augmented with a continued focus on runtime by integrating security controls with the development tools that orchestrate the delivery of new builds into production.5
Contrast’s native integration with existing chat tools helps align the objectives of application security, developers, and operations for better collaboration, enhanced productivity, and more secure code on delivery. And this kind of deep integration helps accelerate development cycles while fostering a true DevSecOps culture across the organization.
1 “Developers agree: Application security processes have a negative impact on productivity,” Tech Republic, June 30, 2020.
2 “Modernize your CI/CD,” GitLab, accessed November 25, 2020.
3 “DevSecOps,” IBM, July 30, 2020.
4 “Oracle and KPMG Cloud Threat Report 2020,” Oracle/KPMG, May 2020.
5 “Oracle and KPMG Cloud Threat Report 2020,” Oracle/KPMG, May 2020.