GitHub recently announced GitHub Actions, a feature bringing the platform into the CI/CD market. GitHub Actions is available for both GitHub.com and GitHub Enterprise hosted in the cloud. The cool thing is that GitHub added Actions to its Marketplace, where users can easily search and use Actions in their workflows.
The primary features of automation, like ease of use and easy setup, are perfect for teams who use GitHub for their repositories. For Pushes, Tasks, Pull Requests, and Issues, GitHub now offers a level of automation, which ultimately increases the amount of open source contributions. However, with great open source comes great vulnerabilities, as Uncle Ben would’ve said if he coded.
This is where Synopsys comes in. Having been in the application security market for well over 20 years, we have a market-leading understanding of the vulnerable code and components that can hide in applications. We want to put the “Sec” in DevSecOps, which inherently means security can’t slow development down. GitHub Actions makes it very simple to integrate SAST and SCA scans into workflows, helping us achieve our DevSecOps goal. That’s why we’re excited to announce the Synopsys Detect GitHub Action!