informa
/
Risk
News

Ounce Labs Enhances Source Code Analysis

Ounce Labs enhances source code analysis product to integrate security into software development; company contributes to open source community

WALTHAM, Mass. -- Ounce Labs, the industry leader in software risk analysis, today announced the latest version of its award-winning source code analysis software. The enhanced product delivers scan automation and reporting capabilities to help enterprises more easily incorporate source code analysis (SCA) into their own software development lifecycle (SDLC).

Ounce has enhanced its source code analysis product by adding the Ounce Automation Server to provide seamless integration of security into build environments wherever developers choose to implement it within the SDLC. The Ounce Automation Server provides the ability to automatically scan, define, publish and report on the security of application code during development.

Ounce is also providing support for the Apache Maven project management and automation software with a plug-in designed to help developers extend the build process to include security. The Ounce/Maven Plug-In is a free-standing command line interface that helps Maven users deliver security through source code analysis within their build environments. The Ounce/Maven Plug-in allows developers to initiate Ounce scan operations, generate a report of scan results, and publish and save reports.

In addition, Ounce is contributing the Ounce/Maven Plug-in to the open-source community. The module will be hosted at open-source project repository Codehaus, which can be found online at www.codehaus.org. "Secure programming is not always paramount in the minds of software developers," said Brian Fox from the Apache Maven project. "The Agile way to use these tools is via build system integration that provides automatic scanning and reporting on a regular basis. Integrating advanced tools into a build is unfortunately a frequent barrier to adoption. By donating the Ounce/Maven Plug-in, Ounce is enabling the open source community to work together to leverage the Maven plug-in platform to provide drop-in integration and scanning of all projects using Maven."

"Ounce is continuing to champion the advancement of secure software development by providing a new open-source plug-in for Maven. The transparency of development in the open source community makes it well-suited for our approach to source code analysis that includes focusing on security as a core requirement, not an afterthought," said Jack Danahy, chief technical officer and co-founder of Ounce Labs. "The addition of this new capability is another example of our ongoing commitment to help organizations and enterprises easily add security into their development processes without disrupting or delaying timelines."

Ounce Labs

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5