IBM has announced the availability of Code Risk Analyzer in IBM Cloud Continuous Delivery, a cloud service that helps provision toolchains, automate builds and tests, and control quality with analytics.
Code Risk Analyzer is a security measure that can be configured to run at the beginning of a developer’s code pipeline, reviewing and analyzing Git repositories for known issues with any open source code that need to be managed.
With Code Risk Analyzer, application teams can assess rapidly evolving cybersecurity threats, prioritize application security problems, and resolve them.
Code Risk Analyzer is provided as a set of Tekton tasks, which developers can incorporate into their delivery pipelines.
It allows you to discover vulnerabilities in your application and OS stack based on rich threat intelligence from Snyk and Clair, and provides fix recommendations.
Further, Code Risk Analyzer can discover misconfigurations in Kubernetes deployment files.
Initially, Code Risk Analyzer is available in the Dallas (US-South) region only.