There are thousands of amazing AppSec tools out there, but this can be both a blessing and a curse. While the headway and innovation we are seeing across these kinds of tools signal big things for the DevSecOps industry, it’s nothing short of a pain when it comes to configuration, deployment and introducing new tools into the mix.
Keeping pace with continuous delivery, changes in technology and security requirements means that attempting to manually copy a configuration across dozens (and sometimes hundreds!) of applications is an almost impossible feat.
In keeping with this rising demand and increase in tools, it has become more important than ever to be able to clearly see whether the risk in a particular application has changed since the last time it was updated, code was pushed, or a binary built, in order to make a decision about whether to release or deployment the software. Similarly, security teams want to iterate and improve tool coverage once these tools are onboarded, and need to roll out new tools across their organisation in response to changes in their threat environment or company policy.
At Uleska, it’s long been our mission to streamline these kinds of processes. While we have made it easy to bring these tools together, collate the results and act on them—one customer demand continued to prevail. They wanted a fast, reusable way to manage these tools and their configuration.
Enter Toolkits.
What is toolkits and how will it help me?
Toolkits are collections of AppSec tools and their associated configuration (API keys, tuning settings and runtime parameters, for example) that can be used and, most importantly, re-used by applications across your entire estate. Toolkits hugely simplifies the configuration of tools and makes it easy to seamlessly execute those tools against an application version.
We know just how overwhelming it can feel to choose tools from scratch. Our customers similarly need to connect the right sets of tools to their code and products, and often want to get started quickly with some sensible defaults.
That’s why we’ve loaded up Toolkits with official Uleska-approved, tried-and-tested Open Source AppSec tools to get you started. We’re calling these Official Toolkits.
At the time of launch, we have two Official Toolkits for users to choose from:
- FOR CODE: This Toolkit (built with code in mind) statically analyses source code, Dockerfiles and infrastructure-as-code configuration files
- FOR LIVE TESTING: This Toolkit (built with live testing in mind), when given a URL, will poke, prod, and exercise your running application to find any vulnerabilities
These Official Toolkits will get you to a list of vulnerabilities found in your application quickly and easily, so you can start classifying and triaging right away without having to bother with any tool configuration or orchestration.
You can easily sign up here, or find out how to test your application with a toolkit here.
customising toolkits to suit you
Our Official Toolkits will give you a headstart in your AppSec programme, getting you running within minutes. But that’s not all they do. If you want to customise these Official Toolkits or expand them beyond our default setup, you’re in luck, because in addition to our toolkits, you can create your own Custom Toolkits just for use by you and your colleagues.
If you have specific tools you’d like to use - our proprietary tools like Veracode or Snyk, for example - or if you want a toolkit to match the different stages in your software development cycle, you can create as many Custom Toolkits as you’d like. Here's how you do it.
These take moments to put together and you can iterate and improve them over time, adding or removing tools as time or budget allows.
kick-start your toolkits experience
Our customisable, reusable Toolkits are designed for you to scale. Designed to alleviate your workload. Designed to let you focus on the more important things.
To kick-start your Toolkits experience, visit the brand-new product page on our website which gives you further information on how to get started with Toolkits, as well as details on which Official Toolkit may work best for your business or project.
Sign up and get up and running with Toolkits today!
Subscribe to the Uleska blog
You may unsubscribe at any time using the unsubscribe link in the newsletter.
