Black Duck has released a new GitHub App designed to make it easier for development and security teams to automate security testing across their repositories. Now available in the GitHub Marketplace, the Black Duck Security GitHub App integrates with Polaris, Black Duck SCA, and Coverity, streamlining both onboarding and continuous synchronisation of GitHub repositories.
The integration allows teams to configure and run static application security testing (SAST) and software composition analysis (SCA) scans on projects at scale, whether in SaaS or on-premises environments. By embedding security checks directly into developer workflows, Black Duck aims to improve time to value and overall return on investment for its customers.
Among its key features, the GitHub App supports bulk onboarding of repositories, automated scans triggered by commits and pull requests, and integration of results directly into pull request comments. It also enables automated fix pull requests for open source vulnerabilities, customisable policy enforcement to block builds with violations, and SARIF report integration with GitHub Advanced Security dashboards.
According to Black Duck, the benefits for development and security teams include simplified scaling of security testing across entire application portfolios, reduced manual configuration effort, and fewer errors. Developers also gain direct access to security insights and remediation guidance within their existing GitHub workflows.
“By integrating Black Duck with GitHub, we’re empowering developers to build secure software faster and more efficiently than ever while supporting our true scale approach for both on-prem and SaaS environments,” said Scott Johnson, VP of Product Management at Black Duck. “Combining our industry-leading application security expertise with GitHub’s collaborative development platform further enables our customers to reduce risk, accelerate development velocity, and achieve a stronger security posture – all while maintaining the agility and speed that modern software development demands.”
The Black Duck Security GitHub App is now live in the GitHub Marketplace, where teams can begin automating their application security testing without leaving the GitHub ecosystem.
