The challenge: Increase and improve security scans at the speed of DevOps

As organizations rapidly evolve their development practices into streamlined and agile DevOps methodologies, tools capable of adapting and keeping pace with development speeds and complexities are critical. Specifically, tools must seamlessly integrate into existing pipelines without “breaking the build” or decreasing development velocity.

Cryptsoft depends on accurate and efficient security scanning for the successful production of its industry-leading software products, so any security solution incorporated into its software development life cycle (SDLC) pipelines must be capable of adequately maintaining development velocity.

Tim Hudson, CTO and company founder, said, “Our customers are some of the most well-known companies in the technology industry, and their combined expectations, and the critical nature of the software that we provide for key management systems and hardware security modules, means that we must use every possible tool that is available to improve code quality, security, and stability.” This high-stakes demand—along with ever-increasing development speeds—drove Cryptsoft to look for a static application security testing (SAST) solution that could keep up and scale to its DevOps needs.

Hudson said that it was his intent “to get in front of our customers who are performing intermittent scans of releases, and catch items before our customers see them.” This requirement necessitated a robust SAST tool capable of catching bugs sooner without slowing down CI processes.