MetaDefender for Jenkins and TeamCity: Secure Your Software Builds

Attacks on software supply chains can dramatically expand the potential distribution of malware. For example, threat actors can insert malware into the Python Package Index (PyPI) repository, exposing thousands of software development teams and leaving their source code open to threats.

Cybercriminals keep looking for new vulnerabilities to exploit, for ways to embed malware in CI/CD pipelines, and for ways to plant backdoors in the building blocks of software, which ultimately endangers your infrastructure and the entire application. Protecting source code and artifacts is now a prime concern for software development teams looking to secure their Software Development Life Cycle (SDLC).

Third-Party Risks: a Rising Problem

The risks associated with third-party software are among the primary problems that IT teams are trying to mitigate. These risks stem from the increasing reliance on third-party software in Continuous Integration and Continuous Delivery (CI/CD) for faster time to market, from the use of pre-existing code such as Open-Source Software (OSS) or code from other software publishers, and from the lack of verification processes. In fact, 90% of IT organizations across the world are using enterprise open source today.

Applications have evolved over the past decades. We have shifted from legacy monolithic applications to microservices architectures. Modern applications built on top of microservices use APIs to communicate between applications. Additionally, different teams use third-party libraries or OSS to extend or build upon the existing code to create new functionalities. All this leads to a wider attack surface, putting organizations and their customers’ data at risk.

Because contemporary software development involves CI/CD, teams add even more components to their SDLCs, which means more data is in jeopardy. More security issues may surface in more complex scenarios, for example when applications run in containers, on a cloud platform, or in Kubernetes clusters.

The complexity and multi-layered nature of these applications bring a large number of components that need securing. Worse, the more security problems arise, the more likely security teams and professionals are to encounter bottlenecks in the application delivery process and slow down the CI/CD pipeline.

Shifting Left in DevOps: Apply Security Early in the SDLC

Figure: Apply security early in the software development life cycle to mitigate risks

So how do teams manage and mitigate third-party risks throughout their SDLC? The answer is to incorporate security earlier in the DevSecOps workflow. The DevSecOps approach enables teams to incorporate security in the earliest phases of their SDLC or CI/CD pipeline. Security is embedded end to end rather than resting solely on the shoulders of cybersecurity teams. The whole organization is accountable for having the right security overlay and audit tools to flag gaps for corrective action throughout the software development process.

In other words, DevSecOps allows room for automation, faster release cycles, shorter feedback cycles, and early prevention of security holes, which can then be fixed sooner rather than later.

Secure your CI/CD Pipeline with MetaDefender Plugins for TeamCity and Jenkins

TeamCity and Jenkins are two popular build automation tools used in the CI/CD pipeline.

Powered by the advanced cybersecurity prevention and detection technologies of MetaDefender, OPSWAT’s MetaDefender plugins for TeamCity and Jenkins help secure your team’s build artifacts with more than 30 leading anti-virus engines.

MetaDefender Plugin for TeamCity

MetaDefender for TeamCity checks your TeamCity builds for malware and verifies anti-virus alerts to minimize false positives before you release your application to the public. You can quickly scan your build, not only to detect possible threats, but also to find out whether any anti-virus engines are incorrectly flagging your software or application as malicious, which could harm your reputation.

MetaDefender Plugin for Jenkins

MetaDefender for Jenkins scans your Jenkins builds for malware and secrets prior to release. Your source code and artifacts are thoroughly checked for threats. Built-in automated fail-safes also alert you to any potential issues, helping to prevent malware outbreaks and sensitive data leakage.

Discover other free cybersecurity tools from OPSWAT. To learn more, talk to one of our critical infrastructure cybersecurity experts.