Traditional SAST systems are big, powerful, and for sufficiently scaled enterprise organizations, completely vital. If an org has teams of developers in multiple time zones pumping out code to support internal systems and external products, they need a system to standardize and secure all of it. Each undiscovered vulnerability could cost millions, after all. That’s why such systems are able to justify their price, which is often above a million dollars a year to keep running.
The trouble is that to read all these lines of code and flag their flaws, traditional SAST systems require a massive on-premises footprint and, depending on the repository being scanned, can take days or weeks to finish. And once that process ends and the flaws are reported, it falls to developers and DevSecOps teams to go back to previously committed code and tediously rewrite some or all of it, putting their current projects on the back burner.
But all that goes with the territory. It can’t be helped, right?
The innovators at r2c disagree, and it’s hard to argue with their results. With their recently launched tool, Semgrep, they are helping shift static testing further left than ever before. Now developers themselves can run a real-time vulnerability scanner right alongside their text editors and check code for errors as they write it.
They can also add static tests that complete in real time when code is checked in, and write rules that help standardize best practices across an entire organization.
The True Positives team recognized the impact this technology would have, which is why we are proud to be among the first partners for r2c. We’re now offering Semgrep Team Edition to all our customers. It gives teams not only real-time code security checks but also unlimited security policies, privately hosted rulesets to help enforce coding standards, and support from the r2c team.
Plus, you get the True Positives targeted value-added services to help midsize and enterprise businesses protect their assets. We’re happy to help your teams implement and integrate Semgrep.
Developers get to catch mistakes on their own desktops before the code is committed, saving a ton of headaches on rework and on moving tickets back and forth in JIRA. This puts control back in their hands and helps standardize code across developers throughout the organization.
Product security teams get a much smaller number of issues in their workflow, so they can focus their attention on comprehensive solutions rather than battling every little bug.
Organizations that can’t justify the investment in traditional SAST systems get a fighting chance in the war on security vulnerabilities, protecting their assets the way larger organizations can. Companies that already use traditional static testing systems can now maximize the value of that investment by reserving the slower, more focused scans for the biggest flaws while benefiting from the agile real-time scans of Semgrep.
True Positives is an authorized full-service reseller with decades of experience in traditional SAST products, and we were on the ground floor with r2c as well. When you work with us to source these tools, you get: