Integration with GitHub and GitLab Delivers Comprehensive Security Coverage for Source Code Management (SCM) Platforms

Orca Security, the pioneer of agentless-first cloud security, today announced new source code posture management capabilities, adding full visibility into source code management (SCM) platforms to the Orca Cloud Security Platform. With integrations for popular SCM tools GitHub and GitLab, Orca is expanding its cloud security footprint, providing end-to-end coverage from source code platforms to the cloud and defending against cloud native risks for the entire development lifecycle.

“Orca understands that cloud security does not begin and end in the cloud. We protect our customers throughout the entire cloud journey,” said Gil Geron, CEO & Co-Founder, Orca Security. “Organizations today move extremely fast during code development. While DevSecOps initiatives have helped them address code vulnerabilities, they can easily overlook the source code management platform itself, which is every bit as risky to the business. With Orca’s new source code posture management capabilities, we are once again expanding our Shift Left Security capabilities, enabling organizations to manage their security journey from code to cloud via a single platform.”

Source code management tools are popular in the development community, providing a single, simple platform to collaborate, manage, track changes and store source code. However, any repository that houses source code represents a significant risk to the business when not properly configured and secured. DevSecOps and many App Sec initiatives do not adequately address this risk as they are often solely concerned with code security and not the configurations of SCM accounts or repositories.

While GitHub, GitLab, and other SCMs do offer robust security features, 62% of organizations have severe vulnerabilities in their source code repositories, while 70% have unencrypted secrets, according to Orca’s 2024 State of the Cloud Security Report. Most security teams are unaware of these native security features and lack visibility into or control over development environments, allowing vulnerabilities and security risks to compound. This leaves organizations unable to protect the infrastructure that they depend on to ship new applications to the cloud.

With new capabilities for SCM, Orca is addressing a critical blind spot for security teams, enabling them to detect security risks and remediate misconfigurations across their GitHub and GitLab accounts and repositories. Using its patented SideScanning™ technology, Orca scans all GitHub and GitLab assets and identifies risk hotspots, enabling organizations to centrally manage and enhance the security of their SCM platforms without the need for additional tooling.

Key features of the new release include:

• Repository inventory: Orca's GitHub App and GitLab App automatically discover all repositories, including new additions, and deliver a detailed repository inventory.
• Beyond code security: Orca intelligently leverages best practices from reputable third-parties (e.g. Open Source Security Foundation (OSSF), Legitify) identifying misconfigurations, security risks, and deviations from best practices within the SCM.
• Dynamic and context-aware alerts: Orca dynamically assesses risk, combatting alert fatigue by prioritizing alerts based on risk severity, exploitability, business impact, and interconnected risks that may endanger high-value assets or lead to significant security incidents.
• Extended repository insight: Orca enriches the understanding of repositories' significance and purpose by gathering metadata from GitHub and GitLab, contextualizing all data sources to facilitate comprehensive security insights.
• Remediation and workflow integration: Orca delivers comprehensive remediation instructions for every alert, accelerating response times for both security and development teams and streamlining workflows.

For more information visit www.orca.security.

About Orca Security

Orca Security is the pioneer of agentless-first cloud security trusted by hundreds of enterprises globally. Orca makes cloud security possible for enterprises moving to and scaling in the cloud with its patented SideScanning™ technology and Unified Data Model. The Orca Cloud Security Platform delivers the world’s most comprehensive coverage and visibility of all risks across the cloud. With continuous first-to-market innovations and expertise, the Orca Platform ensures security teams quickly identify and remediate risks to keep their businesses secure. Connect your first account in minutes: https://orca.security or book a personalized demo.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240625987508/en/