Contrast Security, Red Hat Team For Cloud-Native CI/CD Automation

March 30, 2022

Contrast Security has partnered with Red Hat to enable OpenShift users to deploy secure, containerized applications by integrating within native continuous integration and continuous delivery (CI/CD) pipelines. These integrations empower OpenShift users to retain the scalability of the OpenShift Container Platform, while adding automated security testing as a routine part of the software delivery process with no manual configuration or additional overhead costs.

These integrations were a joint effort between Contrast and Red Hat to ensure security is embedded as a core component of the software delivery value stream. Contrast continuously monitors customers' OpenShift applications at runtime to deliver the most actionable results without requiring AppSec teams to waste hundreds of hours validating results and causing delays for developers.

"Unfortunately many organizations lack the means to implement scalable security gates within their CI/CD pipelines which translates to insecure code being shipped across distributed cloud environments. Our partnership with Red Hat OpenShift ensures that these teams can now drive their DevSecOps transformation with automation at scale," said Sanjay Ramnath, Vice President of Product Management at Contrast Security. "This partnership is another component to Contrast's overall mission of ensuring developers are empowered to embed security within their environments without imposing additional work on them. We want to make security a value-add for everyone."

Contrast and Red Hat OpenShift integrations enable users to benefit from the following capabilities:

Source-to-Image Deployment: Cloud developers can embed Contrast's Assess and Protect agents into their source code image to ensure continuous vulnerability detection with runtime context and ensure their apps are protected from targeted attacks in production.

CI/CD Jenkins Pipelines: AppSec teams can trigger automated security tests within native Jenkins pipelines and ensure security policy gates are established to ensure no vulnerabilities are shipped to production.

OpenShift Pipelines via Tekton: Contrast provides OpenShift users with automated tasks that can be used to create repeatable pipeline templates within the OpenShift Pipeline environment. APIs provided by the Contrast Secure Coding Platform help initiate automated vulnerability scanning at build time and instrument security telemetry within the application prior to deployment.

The Contrast Secure Code Platform is available today to users leveraging the OpenShift Platform with support for Java, .NET, and Node.js applications.