Accurics Enables Self-healing Infrastructure with GitHub App

Jon Jarboe, Developer Advocate

At Accurics, we understand the importance of integrations. Modern development practices require automation around a series of tools that codify your development practices. Any new tool needs to work seamlessly within the pipeline, and we can simplify our users’ lives by providing integrations with the tools they already use.

We’re excited to announce a new GitHub App that takes our support for one of the most popular development platforms and its new code scanning feature to a new level.

Multiple Integration Options

Accurics and Terrascan have been accessible through GitHub Actions for a while, making it simple to programmatically enforce security policy in your pipelines. Terrascan, our open source static analysis tool, is accessible through the popular Super-Linter action. The Accurics platform is available through our own action. The new GitHub App further automates that enforcement throughout the development workflow.

The app provides a library of more than 500 policies aligned with compliance standards such as the CIS benchmark. New commits and pull requests are automatically scanned for policy violations, and when security risks are found, they are added to the PR and/or repo as issues. To help your team quickly eliminate them, you can even trigger new PRs with automatically generated code to fix the issues.

Using the GitHub App

  1. Go to the GitHub marketplace and get the Accurics app
  2. Click “Install it for free”
  3. Answer the authorization prompts
  4. Select an IaC provider and repository for your first scan
  5. Click Finish and you’re good to go!

Self-Healing Infrastructure for DevSecOps

Given the success of high-velocity DevOps teams, we believe that self-healing infrastructure is the only way to embed security into DevOps without breaking it. Reactive processes that require manual actions simply cannot keep up. The rapid adoption of infrastructure as code provides an excellent opportunity to implement guardrails throughout the development lifecycle, starting in the earliest stages.

GitHub is a luminary in the software development world, and we’re excited to work with them to give their users the ability to programmatically detect and fix security risks through GitHub’s new code scanning feature. By adding Accurics to code scanning, any GitHub user can automate the elimination of security risks from their infrastructure as code before and after deployment. To see Accurics working with your own workflows, simply install the app from the GitHub Marketplace. It will set up your free account and guide you through your first scan. If you have questions, please hit us up in the forums, or request a personalized demo and consultation.