Facing tight delivery deadlines and high expectations from the business, mobile app development teams rely on DevOps tools and GitHub repos to ship mobile apps faster. Today’s teams want developer-first security integrated into their workflows and pipeline tooling of choice to reduce friction and avoid late-stage release blockers.
To that end, NowSecure and GitHub, the world’s leading code development platform, have partnered through the GitHub Advanced Security program to enable mobile app security testing directly inside GitHub workflows for developer-first security. NowSecure has delivered the first automated dynamic mobile app security testing solution integrated into GitHub Advanced Security’s code scanning interface. The NowSecure Action for GitHub is now available in the GitHub Marketplace.
NowSecure delivers fast, automated, and accurate security analysis that can now be configured to run on every code commit using the new NowSecure Action for mobile application security testing. This NowSecure GitHub Action will test iOS or Android mobile apps written in any language or with any framework, and feed security issues directly back to the GitHub Security tab. You and your dev team will be able to configure this action to run in your existing workflows and view results as code scanning alert tickets, which will include details such as severity, priority, evidence, remediation instructions, code examples and links to Apple iOS and Google Android developer documentation.
Using the new NowSecure GitHub Action, you can test security and privacy on each and every commit, or you can configure it to run continuously during every build. After you receive GitHub code scanning alerts directly in your workflow, you can remediate the finding using the detail provided, identify the commit that introduced the issue and resolve it, or dismiss a finding as “Won’t Fix” to mark the finding as closed in this and future reports. If a pull request includes a new error, the NowSecure Action that runs build and scan on the commit will ultimately fail the build. As a reviewer, you can inspect the files changed to identify where the security issue was introduced and find more detail about the issue itself to resolve it quickly.
The NowSecure partnership with GitHub brings developer-first mobile app security analysis through GitHub Actions to enable millions of developers and millions of mobile app pipelines to quickly raise the bar on mobile app security. To leverage this powerful new capability, DevOps teams will need to deploy GitHub Advanced Security and NowSecure Platform, then apply the NowSecure Action for GitHub.
Including frequent security checks in your daily development workflows enables your development team to find and fix security issues faster and avoid late-stage release blockers. As a result, teams can speed mobile app delivery to meet the needs of the business while driving continuous improvement. This integration into GitHub also enables teams to effectively scale secure development programs to reduce both release and security risk. Using NowSecure and GitHub Advanced Security empowers organizations to automate more, deliver faster, and continuously improve.
To use the NowSecure Action, you must be a NowSecure customer. The action requires both a NowSecure Platform token and a NowSecure Platform Group ID. If you’d like to learn more or see the new Action in action, read our announcement or reach out to the NowSecure team.