Page 90 - Cyber Defense eMagazine December 2023
P. 90
GitHub Insights - Here’s How it Works
GitHub Insights is StackHawk’s latest feature that offers security teams continuous discovery and visibility
into their organization's threat landscape, allowing them to identify gaps in coverage, align security testing
with the rapid pace of software development, and work more closely with the engineers writing the code.
By seamlessly integrating with GitHub repositories, this new feature eliminates blind spots and fosters
efficient collaboration between security and engineering teams. Instead of manually tracking and testing
hundreds or thousands of APIs, GitHub Insights provides software developers with visibility into their API
threats from every possible angle, allowing companies to be hyper-aware of vulnerabilities and bugs
before they disrupt business operation and product development timelines, a critical asset with teams
launching and retiring APIs and software applications daily. With GitHub Insights, users will be able to
efficiently coordinate security testing and new software development, identify gaps and blind spots in API
coverage, allow security teams to work more effectively and collaboratively with software engineers, and
maximize productivity by coordinating security testing in the early stages of software development.
How GitHub Insights Addresses API Security Pain Points
Since it’s nearly impossible for organizations to protect themselves from threats they can’t see,
StackHawk’s GitHub Insights provides heightened visibility so that teams can coordinate the
implementation of effective security measures when new APIs are added or old ones are retired, and
allow teams to observe if any current security measures need to be altered. This visibility gives teams
the upper hand in catching deficiencies – a game changer in today’s world with the rapid development of
new API routes.
Here's how StackHawk's GitHub Insights addresses these common pain points:
• Code-based API discovery: Traditional discovery tools have to rely on web traffic to identify API
routes; however, with StackHawk’s GitHub Insights, organizations can discover APIs at the
source code level. This feature enables teams to assess their complete API catalog prior to
production release.
• Continuous visibility: Stackhawk’s GitHub Insights examines the API layer, links its discoveries to
the source code, and offers thorough insights regarding the ongoing development, contributors,
and testing frequency. This helps ensure that security measures keep pace with fast software
development, granting organizations complete visibility into their attack surfaces and API security
posture.
• Bridging the gap between developers and security experts: Stackhawk’s GitHub Insights fosters
collaboration between security and developer teams by establishing connections between
testable APIs and their associated codebases and teams. As a result, security teams can quickly
identify and assign accountability for resolving issues as they occur and identifying suitable
collaborators for testing new APIs.
Cyber Defense eMagazine – December 2023 Edition 90
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
