UPDATE - Apiiro Launches New Partner Program, SHINE, Partnering with Security Solutions from Code to Runtime
May 01 2024 - 10:08AM
Apiiro, the leading application security posture management
(ASPM) platform, today announces SHINE, its new integration
program. SHINE stands for the program's guiding principles –
Seamless, Holistic, Interconnected, Vendor-Neutral, and Enriched –
and cements the company’s
commitment to integrating across stacks, from development tools,
CMDBs, security training tools, communication systems, and, most
importantly, security tools from code to runtime.
Apiiro technology partners can now seamlessly integrate into its
Deep ASPM platform and leverage the unique context provided by
Apiiro's Risk Graph. By enriching ingested findings with its deep
code inventory and runtime context, Apiiro goes beyond shallow
aggregation to:
- Correlate, de-duplicate, and prioritize findings based on risk
likelihood and impact factors garnered from Deep Code Analysis
(DCA) and runtime context to reduce manual triaging work.
- Enrich and tie risks to their root cause and code owner,
reducing time spent working with developers to remediate risks and
improve mean time to remediation (MTTR).
“We’ve always strived to be a 100% open platform. Now, we have
the foundation and commitment to our customers and community to
back that up, fostering a collaborative environment where all
stakeholders in the application development process can access and
utilize critical security insights,” said Moti Gindi, Chief Product
Officer at Apiiro. “We’re proud to formally launch this program,
ensuring that all partners can contribute to and benefit from a
holistic view of application risks.”
As part of SHINE, Apiiro announces dozens of initial
integrations across SAST, SCA, secrets security, container
security, cloud security, bug bounty, and other security tools,
doubling down on its position as a 100% open ASPM platform.
Anchor Partner Quotes
“Mend and Apiiro have a shared goal of enabling AppSec teams to
reduce risk and accelerate development. Integrations like ours are
non-negotiable as we continue to empower our enterprise customers
with the flexibility they need when dealing with the complexity of
cloud-native environments.” – Vered Shaked, EVP Corporate
Development and Strategic Partnerships, Mend.io
"The JFrog
Platform offers a consolidated solution for DevOps and DevSecOps,
covering the full Software Supply Chain, including OSS Package
Curation, SAST, SCA, Contextual Analysis, and Secret Detection.
Apiiro's integration with JFrog provides users with additional
context to show a broader perspective of the security posture of a
project. Our mutual customers can now avoid using point solutions
and gain end-to-end visibility directly connected to the main asset
of their SSC: the Binaries. Leveraging insights from Apiiro and
JFrog's comprehensive security solution automates the conversion of
security findings into actionable steps, ensuring full traceability
to the relevant teams involved in the organization's SDLC." –
Gal Marder, SVP of Strategy, JFrog
“Our customers
are juggling countless tools and processes to keep up with the
drumbeat of cloud-native development, so enabling them with a
contextual single pane of glass is a must,” said Ori Bendet from
Checkmarx. “Our integration streamlines the application cyber risk
and remediation lifecycle making remediation and prioritization
easier for everyone. This is key in helping application security
and development teams in their efforts to manage application risk
and ensure compliance while supporting business growth.” –
Ori Bendet, VP Product Management, Checkmarx
“By
unifying findings across our customers’ security testing tools and
bug bounty programs for correlation and root cause mapping, the
Bugcrowd and Apiiro integration helps our customers fix risks
faster. Plus, Apiiro’s application attack surface and coverage
mapping enables our customers to fine-tune the scope of their bug
bounty programs.” – Jacques Lopez, VP, Global Channel Sales
& Strategic Alliances, Bugcrowd
Other integrations include Akamai, Black Duck, Fortify, GitHub,
GitLab, Secure Code Warrior, Sonatype, Snyk, Wiz and several dozen
others.
What Else is New
To strengthen the formalization
of SHINE and bolster the vision to unify risk visibility across
tools to processes and from code to cloud, Apiiro has also
introduced multiple platform enhancements:
- Manual Security Findings Ingestion: In
addition to integrating with security tools, Apiiro now ingests
findings from bug bounty programs, manual threat models, and
penetration tests, helping AppSec teams unify visibility across and
correlate risks from all their disparate sources.
- Container Inventory and Security Experience:
Apiiro is rounding out its in-app experiences by risk category with
container security, providing its customers with visibility across
artifacts, connecting container images to their associated
repository or code module, and more.
- Risk Exposure Path: This visualization matches
each risk from its source in code to associated containers,
repositories, pipelines, and eventually, its runtime services, as
powered by Apiiro’s patented Deep Code Analysis (DCA) technology
and code-to-runtime matching.
- Contextual Prioritization Funnel: Apiiro
visually surfaces its contextual risk factors, such as whether a
risk is in a code module that is in active development, is
deployed, or is used in code (i.e. reachable), helping its
customers to narrow in on real, business-critical risks.
By combining its open platform approach with its Deep Code
Analysis (DCA) technology, Apiiro acts as a central AppSec control
plane to give businesses the ability to define risk-based policies,
build automated process triggers, and give developers a single
interface across security tools—with all the context needed to fix
fast and prevent the risks that matter. New integrations are coming
soon with an industry-leading SLA of two weeks for building new
vetted integrations.
Read more about SHINE on the Apiiro blog and see our
integrations on the SHINE website.
About Apiiro
Apiiro empowers application
security and development teams from companies like Morgan Stanley,
Rakuten, SoFi, and Colgate to unify their application risk
visibility, prioritization, assessment, and remediation to save
time triaging security findings and fixing real risks so they can
deliver secure applications to the cloud. The company is backed by
Greylock, Kleiner Perkins, and General Catalyst.
Media Contact
Adam LaGreca
Founder of 10KMedia
adam@10kmedia.co
Photos accompanying this announcement are available at
https://www.globenewswire.com/NewsRoom/AttachmentNg/d4c79ba1-aea1-40c7-86f6-fd67ab67a862
https://www.globenewswire.com/NewsRoom/AttachmentNg/9c99f15b-cd39-49cb-964e-1d26de40e859