Technology Radar
Published : Oct 27, 2021
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Understand more
Oct 2021
Trial
Contrast Security 提供一个包括了静态应用安全测试(static application security testing,SAST)、交互式应用安全测试(interactive application security testing,IAST)、开源扫描、运行时应用自保护(runtime application self-protection 、RASP)等多种组件的安全平台。至今它已经有几年历史了,我们也在多个项目上使用过它。关于 Contrast 平台,我们尤其喜欢的一点是它的运行时库分析。它帮助我们定位没被使用的库,这反过来帮助了我们对漏洞安排优先级,并移除掉潜在未使用的库。这和与日俱增的保障软件供应链安全的重要性密切相关。我们也相当喜欢它的IAST组件。我们发现它在持续交付(continuous delivery,CD)流水线中很有效率,误报更少,并且能发现相当范围的漏洞。
