NowSecure integrates with GitHub Dependabot for mobile software supply chain security for developers
GitHub, the leading software development platform for over 83 million developers, announced new extensions for dependency information in the GitHub Dependency Graph through new GitHub Actions. As a recognized leader in mobile application security, NowSecure provided the first automated dynamic mobile application SBOM solution integrated with the GitHub Dependency Graph. The NowSecure GitHub Action for Mobile SBOM, which populates the GitHub Dependency Graph, is now available in Early Access via the GitHub Marketplace. Additionally, the NowSecure platform can now be purchased through the Microsoft Azure Marketplace. As part of the early access program, all GitHub mobile developers can request a free analysis for dynamic SBOM generation in the GitHub Dependency Graph.
Underpinning the urgency to manage software dependencies, software supply chain attacks in 2021 increased by 650%, with major incidents involving SolarWinds, Microsoft, Kaseya, log4j and others. White House cybersecurity orders in 2021 identified critical risks in the global software supply chain and defined requirements for government agencies to establish standards and policies to secure the software supply chain.
“Developers want to deliver innovative, high-quality mobile apps quickly,” said NowSecure CEO Alan Snyder. “This means they need an easy-to-use, accurate, developer-first mobile security solution that’s integrated directly into their development workflows. While mobile developers depend on third-party code for innovative experiences, complex features, and time to market, they need to make sure the code they use is up-to-date and secure. We’re excited to extend our partnership with GitHub and the community by adding dynamic SBOM generation to GitHub Dependency Graph to help developers protect their software supply chain.”
NowSecure offers two GitHub Actions for automated mobile app scanning and mobile app SBOMs. The NowSecure GitHub Action provides automated static and dynamic security analysis of iOS and Android mobile apps built in any language or framework, including Swift, Objective-C, Java, Kotlin, Dart, React Native and more. The NowSecure GitHub Action for Mobile SBOMs generates component details for visibility into the libraries and frameworks included in mobile apps: it identifies transitive dependencies, flags libraries and frameworks that use older versions, detects components that remain in the app even though they were previously marked for removal, and reports component license details.
“The NowSecure GitHub Action for Mobile SBOM populates the GitHub dependency graph with mobile data so that in the future, GitHub Dependabot alerts can update dependencies to the newest and most secure versions of libraries in mobile apps,” said NowSecure CTO David Weinstein. “Furthermore, comparing the SBOMs and dependencies of different versions of a mobile application provides insight into changes made by the developer over time that may require further analysis or help identify technical debt. Together, we have been very impressed with GitHub’s implementation, allowing third parties to extend the Dependency Graph and Dependabot to support new ecosystems like mobile.”
“The software supply chain starts with the developer. Extending automated visibility into your SBOM means developers can significantly reduce their use of vulnerable software dependencies and be confident in delivering new mobile features and products with security integrated by design,” said Jose Palafox, Director of Business Partnerships at GitHub.
The NowSecure GitHub Action for Mobile SBOM Early Access Program for the GitHub Dependency Graph is part of the world’s most comprehensive suite for mobile application security, including NowSecure Platform for continuous security testing in the development pipeline for DevSecOps, the NowSecure Workstation pen tester productivity kit, NowSecure Supply Chain Risk Management, NowSecure Pen Testing Services and NowSecure Academy training tutorials for development and security teams. Built on a foundation of standards and automation, NowSecure enables organizations to deliver secure mobile apps faster and continuously monitor risk in their mobile app supply chains. The world’s leading mobile innovators, enterprises, and agencies trust NowSecure to secure their mobile apps, including AT&T, Caribou Coffee, Chime, iRobot, and Uber.
Now available in an early access program, GitHub developers and security teams can sign up for the free NowSecure Mobile SBOM for GitHub today.
As a standards-based mobile app security and privacy company, NowSecure protects the mobile app economy. The world’s most demanding organizations, innovative mobile developers and advanced security teams trust NowSecure to protect millions of mobile application users in banking, insurance, high tech, IoT, retail, hospitality, energy and government. Only NowSecure provides the full suite of continuous security testing solutions for DevSecOps, mobile app supply chain monitoring, expert mobile pen testing and training courseware with the depth, speed, accuracy, reliability and efficiency needed to meet modern business demands. Dedicated to the open source community and standards such as OWASP, ioXt and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Gartner, Deloitte Rapid 500 and TAG Cyber. www.nowsecure.com