Secure serverless code for free with CodeSec – Now available in AWS Marketplace
August 18, 2022
Orlando Villanueva
Sr. Product Marketing Manager, CodeSec, Contrast Security
As of August 12, 2022, Contrast Security’s new, free developer security tool, CodeSec, is available in AWS Marketplace! CodeSec brings the fastest and most accurate scanner on the market right to developers at no cost. Providing actionable remediation guidance, CodeSec by Contrast enables developers to get up and running in less than five minutes.
Thanks to CodeSec’s groundbreaking serverless feature, developers can scan serverless environments in AWS Lambda Functions (Java and Python) and detect cloud-native vulnerabilities quickly and accurately, with actionable remediation guidance, at no cost. Take advantage of this new free developer security tool, now available in AWS Marketplace!
Get Started With CodeSec – Serverless
CodeSec enables developers to secure both traditional and serverless environments by offering these two tools through a simple command-line interface (CLI) to get started:
1. INSTALL
- Open a command prompt or terminal, then install with NPM or Homebrew.
- If already installed, then choose from the following commands:
Note: CodeSec supports Node versions >=16.13.2 <17
- npm install -g @contrast/contrast
or
- brew tap contrastsecurity/tap
  brew install contrast
2. AUTHENTICATE
- Once Contrast is installed on your terminal, it’s time to authenticate with your GitHub or Google account by entering the following command:
- contrast auth
- Once this command is entered, a new tab in your browser will open, asking you to connect with either your GitHub or Google Account.
- Once connected, your terminal will update and you are now ready to start scanning!
3. START SCANNING
Once installed on your terminal, type “contrast help” to see CodeSec’s capabilities:
- CodeSec Serverless – CodeSec supports scanning for Java and Python in lambda functions. To run a lambda scan, ensure AWS credentials (AWS_DEFAULT_REGION, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY) are configured in your local environment. Then you are ready to use the contrast lambda command to scan your AWS Lambda functions.
Once a scan is complete, results are categorized by vulnerability type with actionable guidance to help developers understand what the vulnerability is and how to fix it.
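A preflight check for the steps above, as an added example that is not part of the original post or Contrast's tooling: it verifies the Node version range from the install note and that the three AWS variables are set, reporting variable names only, never their values. The function names and the `--check` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Contrast's code): preflight before running `contrast lambda`.
# Usage: sh preflight.sh --check

# node_version_ok VERSION: succeeds only if VERSION satisfies >=16.13.2 <17.
# Pre-release or otherwise non-numeric versions are rejected.
node_version_ok() {
    v=${1#v}                          # `node --version` prints a leading "v"
    case $v in
        *[!0-9.]* | *.*.*.* | .* | *. | *..*) return 1 ;;
        *.*.*) ;;                     # exactly MAJOR.MINOR.PATCH
        *) return 1 ;;
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$major" -eq 16 ] || return 1   # <17 and >=16
    [ "$minor" -gt 13 ] && return 0   # 16.14.0 and later
    [ "$minor" -eq 13 ] && [ "$patch" -ge 2 ]
}

# missing_aws_vars: prints the names of the required variables that are
# unset or empty. Values are never echoed, so secrets stay out of logs.
missing_aws_vars() {
    missing=""
    for name in AWS_DEFAULT_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
        eval "val=\${$name:-}"        # names are fixed constants, so eval is safe
        [ -n "$val" ] || missing="$missing $name"
    done
    echo "${missing# }"
}

preflight() {
    ver=$(node --version 2>/dev/null) || { echo "node not found" >&2; return 1; }
    node_version_ok "$ver" || { echo "Node $ver is outside >=16.13.2 <17" >&2; return 1; }
    miss=$(missing_aws_vars)
    [ -z "$miss" ] || { echo "unset or empty: $miss" >&2; return 1; }
    echo "preflight ok: ready for 'contrast lambda'"
}

if [ "${1:-}" = "--check" ]; then
    preflight
fi
```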
Click here to check us out on AWS Marketplace!
To learn more about CodeSec and all its capabilities, click here.
*** This is a Security Bloggers Network syndicated blog from AppSec Observer authored by Orlando Villanueva. Read the original post at: https://www.contrastsecurity.com/security-influencers/idc-link-on-codesec-contrasts-new-free-developer-security-tool-0