Backslash Unveils Extensive Enterprise-Grade Capabilities to its Reachability-Based AppSec Platform
June 2024 by Marc Jacob
Backslash Security unveiled expansive new platform capabilities. With a broad roster of new on-premises integrations, security team workflow integrations and automation features, CI/CD integrations, and bolstered language support, Backslash now serves the full software development lifecycle and further supports the application security needs of large enterprises.
Backslash combines SCA, SAST, SBOM, VEX, and secrets detection to replace outdated legacy SAST and SCA tools with a single, enterprise-ready platform that uncovers the most critical risks through reachability analysis. Newly released enhancements to the Backslash platform include:
Extended support for large enterprise use cases:
• Integrations with GitHub Enterprise On-Premise, GitHub Enterprise Server, GitLab On-Premise and Bitbucket On-Premise enable seamless connection to enterprise on-premises codebases.
• Extended language support adds C, C++, Ruby, Rust and Scala to Backslash’s existing language portfolio to serve diverse technology stacks and secure the entire codebase, including third-party libraries and dependencies.
• Role-based access controls enable enterprises to easily manage access to the Backslash platform for large and varied user bases across the organization.
Security team workflow enhancements: New automation policies and actions features enable Backslash users to specify security workflows and automatically create tickets and notifications with the following collaboration platforms: Jira, Monday.com, ServiceNow, Slack and Microsoft Teams.
CI/CD integrations for DevSecOps support: Integrations with GitLab Pipelines, GitHub Actions and Azure Pipelines enable DevOps teams to implement DevSecOps processes and prevent new issues from being introduced in the pull request and CI/CD stages.
Reachability analysis enhancements:
• Phantom packages are packages that the app developer neither defines nor controls but that are introduced by a transitive dependency, escaping the developer’s control and potentially introducing vulnerable versions into the application. Backslash detects these phantom packages in OSS code, even if they are not declared in manifest files.
• Backslash Security’s reachability analysis identifies vulnerable transitive packages, helping developers understand which vulnerabilities are actually in use and therefore exploitable within their codebase, allowing them to prioritize what to fix.
• New UI features bolster reachability evidence by showing code references for each reachable path.