AWS Partner Network (APN) Blog
AWS DevOps Competency Expands to Include DevSecOps Category
By Aditya Muppavarapu, Sr. Segment Lead, DevOps – AWS
By James Bland, Sr. Partner SA, DevOps – AWS
By Christin Voytko, Competency Launch Product Manager – AWS
Identifying and addressing a security issue early in the application development lifecycle reduces risk, cost, and improves productivity. In many organizations, however, security is often the last gate which can slow down developers from launching new features to customers.
With proper DevSecOps implementation, security becomes an integral part of the application delivery pipeline, allowing developers to receive rapid and contextual feedback as they build new features. Automated delivery pipelines with baked-in security and observability enable teams to rapidly test and release features while minimizing errors and reducing risk.
The new DevSecOps category for the AWS DevOps Competency makes it easy for customers to find validated AWS Partners with DevSecOps products. These partners can help customers build secure applications by integrating security controls and policies into their application delivery pipelines.
The DevSecOps products in this new category provide multiple layers of protection across all stages of the delivery lifecycle. They scan application code, infrastructure code, and cloud configurations for any security standards or policy violations; monitor applications at runtime; help run security testing; scan third-party libraries for supply chain vulnerabilities; and provide protection and remediation against violations.
AWS Partners Have Proven Experience in DevOps
The AWS Competency Program is designed to validate and promote AWS Partners with demonstrated technical expertise and proven customer success.
A Competency designation helps AWS Partners differentiate their business to customers by showcasing their products and services in specialized areas across industries, use cases, and workloads.
To achieve the AWS DevOps Competency, partners’ DevOps offerings are validated against AWS best practices by AWS DevOps experts.
Anitian’s SecureCloud for Compliance Automation is the world’s first pre-packaged compliant architecture. In just a few hours, Anitian can deploy a complete cloud environment pre-configured to meet security and compliance requirements. Everything is included: systems, controls, policies, and more.
The Checkmarx platform delivers a comprehensive software security solution integrating Static Application Security Testing (SAST), Source Code Analysis (SCA), Interactive Application Security Testing (IAST), and developer training to remediate software vulnerabilities throughout the DevOps pipeline.
Contrast Security delivers DevSecOps technology with continuous and accurate security throughout the application lifecycle. Contrast’s instrumentation technology enables applications to assess and fix vulnerabilities in development and protect applications in production by monitoring and blocking attacks.
HashiCorp Terraform is an open-source infrastructure-as-code (IaC) software tool that provides a consistent command line interface (CLI) workflow to manage hundreds of cloud services.
As the world’s first universal repository, JFrog Artifactory with Xray SaaS is the mission-critical heart of the JFrog Platform. It functions as the single source of truth for managing and securing all packages, container images, and Helm charts as they move across the entire DevOps pipeline.
Snyk finds and fixes vulnerabilities in applications that use open source, serverless, and containers. Snyk’s seamless integration into the developer workflow, with continuous monitoring of applications in production, empowers developers to continue to release fast, while ensuring secure code.
Ship cloud applications faster using the Sysdig Secure DevOps Platform. Embed security, validate compliance, and maximize performance and availability. The Enterprise tier packages the essential and advanced workflows for secure DevOps.
Cloud security can be simplified with Trend Micro Cloud One. If features threat defense techniques across a broad set of platforms from cloud migration to modern applications. Defend your AWS workloads against threats, malware, and vulnerabilities.
Veracode simplifies AppSec programs by integrating into the development pipeline. Veracode’s SaaS model delivers a better, more scalable service at a lower cost. By analyzing over 10 trillion lines of code, Veracode is able to provide the fastest path to accuracy.
WhiteSource helps secure and manage your open source usage by automating the entire process of open source selection, approval, and management. WhiteSource detects and suggests remediations for security and compliance issues.
Customers: Procure DevSecOps Software Products
AWS DevOps Competency DevSecOps products can help customers build secure applications faster and with confidence. We invite you to accelerate your time to market with AWS DevOps Competency Partners.
Partners: Join the AWS DevOps Competency Program
AWS Partners with experience in DevOps solutions can learn more about becoming an AWS Competency Partner. The AWS DevOps Competency Validation Checklists for Software and Services offerings (login required) provide the criteria necessary to achieve this AWS Competency.
AWS DevOps Competency Partners receive unique benefits in addition to AWS Competency benefits.