Code Scanning DevOps

There’s a great line in the Blues Brothers movie where the waitress in a rough honky-tonk confirms to Jake and Elwood that they do, in fact, have both types of music in their bar: Country and Western. That scripted line reminds me of an undergraduate in one of my classes at Stevens years ago. In discussing her project, she confirmed to me that she can, in fact, write in both programming languages: Python and Java.

I think of these two situations whenever I’m presented with the growing list of programming languages available today. Such lists are usually impressive assortments of familiar and unfamiliar names, each designating a language that some will defend religiously, but that others will lampoon as the choice of fools. Comparing and assessing programming languages has always served as an excuse for computer scientists to argue.

This past week, I spent some time with a cyber security technology company called Kiuwan. Headquartered in Madrid, the firm is now part of Idera, which you will recognize as the large Houston-based software company with years of experience in the database software business. Kiuwan supports code scanning by programmers during DevOps, and they provide a super-impressive list of languages supported by their product.

“You can get the full list of forty different programming languages that we support from our website,” explained Wilson Warmack, General Manager at Idera. “We are proud of the breadth and reach of our Kiuwan solution, and we believe that the accuracy and speed of our product – and this originates in our advanced algorithms for code scanning – serve as true market differentiators and produce high-quality results.”

I did, in fact, go to the website – and here are the programming languages supported by Kiuwan for its code scanning and quality assessment tools: ABAP, Action Script, ASP.NET, C, C#, C++, Cobol, HTML, Informix, Java, JavaScript, JCL, JSP, Natural, Objective C, Oracle Forms, PHP, PL-SQL, Power Script, Python, RPG4, Swift, Transact-SQL, VB.NET, Visual Basic 6, Groovy, Hana SQL Script, SQL, Ruby, Scala, and XML.

Kiuwan offers two static code analysis solutions for its customers, with emphasis on DevOps. Code Security (SAST) supports static detection of exploitable vulnerabilities in source code and validates compliance or non-compliance with important software security standards such as OWASP, SANS, and CWE. Insights (SCA) offers complementary support in addressing security issues in third-party components, including automated support.
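To make the distinction between the two analysis styles concrete, here is a small added example (not Kiuwan's code, and not how its product is implemented): a toy SAST pass that walks a Python module's syntax tree for two CWE-classified defects, and a toy SCA pass that checks pinned dependencies against an advisory list. The sample source, the `examplelib` package, its version numbers and the `EXAMPLE-ADVISORY-001` identifier are all constructed for this illustration.

```python
"""Toy SAST and SCA checks (added example, not Kiuwan's implementation)."""
import ast
from dataclasses import dataclass
from typing import List

# Constructed sample module with two defects and one correctly written function.
SAMPLE_SOURCE = '''
import sqlite3

def lookup(conn, username):
    # String-built SQL: user input lands in the query text (CWE-89).
    query = "SELECT * FROM users WHERE name = '" + username + "'"
    return conn.execute(query).fetchall()

def run(expr):
    # Dynamic evaluation of a parameter (CWE-95).
    return eval(expr)

def safe_lookup(conn, username):
    # Parameterised query: not flagged.
    return conn.execute("SELECT * FROM users WHERE name = ?", (username,)).fetchall()
'''

SQL_VERBS = ("SELECT", "INSERT", "UPDATE", "DELETE")


@dataclass
class Finding:
    cwe: str
    line: int
    detail: str


def _is_string_build(node: ast.AST) -> bool:
    """True when an expression concatenates/formats a string with a variable."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        if any(isinstance(part, ast.Name) for part in (node.left, node.right)):
            return True
        return _is_string_build(node.left) or _is_string_build(node.right)
    if isinstance(node, ast.JoinedStr):  # f-string with interpolated values
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    return False


def _contains_sql_literal(node: ast.AST) -> bool:
    """True when any string constant under node starts with a SQL verb."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Constant) and isinstance(sub.value, str) \
                and sub.value.lstrip().upper().startswith(SQL_VERBS):
            return True
    return False


def sast_scan(source: str) -> List[Finding]:
    """Static scan of Python source for two CWE patterns; sorted by line."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # CWE-95: eval()/exec() applied to something other than a constant.
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) \
                and node.func.id in {"eval", "exec"} \
                and node.args and not isinstance(node.args[0], ast.Constant):
            findings.append(Finding("CWE-95", node.lineno, f"{node.func.id}() on non-constant"))
        # CWE-89: a SQL string assembled from variables, whether assigned to a
        # name or passed straight into .execute().
        exprs = []
        if isinstance(node, ast.Assign):
            exprs.append(node.value)
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) \
                and node.func.attr == "execute" and node.args:
            exprs.append(node.args[0])
        for expr in exprs:
            if _is_string_build(expr) and _contains_sql_literal(expr):
                findings.append(Finding("CWE-89", node.lineno, "SQL built by string concatenation"))
    return sorted(findings, key=lambda f: f.line)


# Constructed advisory feed: package -> (first fixed version, advisory id).
ADVISORIES = {"examplelib": ("2.4.1", "EXAMPLE-ADVISORY-001")}


def parse_version(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))


def sca_scan(requirements: str) -> List[str]:
    """Flag pinned dependencies older than the fixed version in ADVISORIES."""
    hits = []
    for line in requirements.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = (p.strip() for p in line.split("==", 1))
        if name.lower() in ADVISORIES:
            fixed, advisory_id = ADVISORIES[name.lower()]
            if parse_version(version) < parse_version(fixed):
                hits.append(f"{name}=={version} affected by {advisory_id}, fixed in {fixed}")
    return hits


SAMPLE_REQUIREMENTS = "examplelib==2.3.0\nrequests==2.31.0\n"  # constructed

if __name__ == "__main__":
    for f in sast_scan(SAMPLE_SOURCE):
        print(f"SAST {f.cwe} line {f.line}: {f.detail}")
    for h in sca_scan(SAMPLE_REQUIREMENTS):
        print(f"SCA  {h}")
```

The SAST half reasons only about code structure (it never runs the sample), which is what lets such a tool fire inside a DevOps pipeline before anything is deployed; the SCA half never looks at code at all, only at the declared third-party components and their versions, which is why the two are complementary rather than redundant.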

While Kiuwan certainly lines up well with the more familiar source code analysis tools for security that are in the market today, a key differentiator is the DevOps focus of its parent company. Idera has been busy in recent years building or acquiring companies that support the DevOps ecosystem. These include Gurock for software QA, Ranorex for test automation, Travis CI for test software, and Assembla for secure source code management.

As such, it makes most sense to view Kiuwan’s entry to the United States from Spain in the context of these sibling capabilities. That is, whereas the company might meaningfully expect a percentage of new customers based on its functional advantages (including algorithmic efficiency), the most likely growth scenario involves Idera customers integrating the Kiuwan capability into their DevOps processes.

If you are an Idera customer, then it’s a no-brainer to give this capability a look. DevOps processes benefit from integrated cyber security solutions (resulting in DevSecOps), so adding this control is advised. If you are not an Idera customer, however, then have a look at this fine team from Spain. After spending time listening to what they do, I suspect you’ll feel like you have both major functions of the software process covered: DevOps and Security.