Sunday, October 20, 2024

New advancements in technology to enhance secure-by-design development

Security leaders and software developers can now gain deeper visibility into their organizations’ software development security posture with the introduction of the industry-first solution, SCW Trust Agent, from Secure Code Warrior (SCW). This advancement supports the move towards secure-by-design code and follows the recent launch of SCW Trust Score, which quantifies the security competence of software developers within organizations.

SCW Trust Agent leverages a dataset of learning points collected from developers to help users assess the security readiness of code committed to public open-source Git repositories. It aims to become an essential part of the secure software development lifecycle, providing CISOs with an easy-to-deploy solution to measure the health of code commits and gain visibility into source code repositories.

The solution, compatible with Git-based repositories like GitHub, GitLab, and Atlassian Bitbucket, evaluates committed code to determine whether the developer possesses the required secure code skillset. This information is used to rate the health of the commit and can be aggregated across multiple repositories. SCW Trust Agent offers enhanced control and flexibility, along with security controls, and its policy configurations can be customized based on project needs.

Amidst recent software development challenges, including the CrowdStrike chaos caused by a C++ software security flaw, Danhieux emphasized the importance of moving away from memory-unsafe languages to prevent vulnerabilities. SCW provides language-specific coding guidelines and practical coding challenges to help organizations mitigate risks like null dereference errors.