Apiiro, the leading application security posture management (ASPM) platform, today announces SHINE, its new integration program. SHINE stands for the program's guiding principles – Seamless, Holistic, Interconnected, Vendor-Neutral, and Enriched – and cements the company’s commitment to integrating across stacks, from development tools, CMDBs, security training tools, communication systems, and, most importantly, security tools from code to runtime.

Apiiro technology partners can now seamlessly integrate into its Deep ASPM platform and leverage the unique context provided by Apiiro's Risk Graph. By enriching ingested findings with its deep code inventory and runtime context, Apiiro goes beyond shallow aggregation to:

  • Correlate, de-duplicate, and prioritize findings based on risk likelihood and impact factors garnered from Deep Code Analysis (DCA) and runtime context to reduce manual triaging work.
  • Enrich and tie risks to their root cause and code owner, reducing time spent working with developers to remediate risks and improve mean time to remediation (MTTR).

“We’ve always strived to be a 100% open platform. Now, we have the foundation and commitment to our customers and community to back that up, fostering a collaborative environment where all stakeholders in the application development process can access and utilize critical security insights,” said Moti Gindi, Chief Product Officer at Apiiro. “We’re proud to formally launch this program, ensuring that all partners can contribute to and benefit from a holistic view of application risks.”

As part of SHINE, Apiiro announces dozens of initial integrations across SAST, SCA, secrets security, container security, cloud security, bug bounty, and other security tools, doubling down on its position as a 100% open ASPM platform.

Anchor Partner Quotes

“Mend and Apiiro have a shared goal of enabling AppSec teams to reduce risk and accelerate development. Integrations like ours are non-negotiable as we continue to empower our enterprise customers with the flexibility they need when dealing with the complexity of cloud-native environments.” – Vered Shaked, EVP Corporate Development and Strategic Partnerships, Mend.io"The JFrog Platform offers a consolidated solution for DevOps and DevSecOps, covering the full Software Supply Chain, including OSS Package Curation, SAST, SCA, Contextual Analysis, and Secret Detection. Apiiro's integration with JFrog provides users with additional context to show a broader perspective of the security posture of a project. Our mutual customers can now avoid using point solutions and gain end-to-end visibility directly connected to the main asset of their SSC: the Binaries. Leveraging insights from Apiiro and JFrog's comprehensive security solution automates the conversion of security findings into actionable steps, ensuring full traceability to the relevant teams involved in the organization's SDLC." – Gal Marder, SVP of Strategy, JFrog“Our customers are juggling countless tools and processes to keep up with the drumbeat of cloud-native development, so enabling them with a contextual single pane of glass is a must,” said Ori Bendet from Checkmarx. “Our integration streamlines the application cyber risk and remediation lifecycle making remediation and prioritization easier for everyone. This is key in helping application security and development teams in their efforts to manage application risk and ensure compliance while supporting business growth.” – Ori Bendet, VP Product Management, Checkmarx“By unifying findings across our customers’ security testing tools and bug bounty programs for correlation and root cause mapping, the Bugcrowd and Apiiro integration helps our customers fix risks faster. Plus, Apiiro’s application attack surface and coverage mapping enables our customers to fine-tune the scope of their bug bounty programs.” – Jacques Lopez, VP, Global Channel Sales & Strategic Alliances, Bugcrowd

Other integrations include Akamai, Black Duck, Fortify, GitHub, GitLab, Secure Code Warrior, Sonatype, Snyk, Wiz and several dozen others.

What Else is NewTo strengthen the formalization of SHINE and bolster the vision to unify risk visibility across tools to processes and from code to cloud, Apiiro has also introduced multiple platform enhancements:

  • Manual Security Findings Ingestion: In addition to integrating with security tools, Apiiro now ingests findings from bug bounty programs, manual threat models, and penetration tests, helping AppSec teams unify visibility across and correlate risks from all their disparate sources.
  • Container Inventory and Security Experience: Apiiro is rounding out its in-app experiences by risk category with container security, providing its customers with visibility across artifacts, connecting container images to their associated repository or code module, and more.
  • Risk Exposure Path: This visualization matches each risk from its source in code to associated containers, repositories, pipelines, and eventually, its runtime services, as powered by Apiiro’s patented Deep Code Analysis (DCA) technology and code-to-runtime matching.
  • Contextual Prioritization Funnel: Apiiro visually surfaces its contextual risk factors, such as whether a risk is in a code module that is in active development, is deployed, or is used in code (i.e. reachable), helping its customers to narrow in on real, business-critical risks.

By combining its open platform approach with its Deep Code Analysis (DCA) technology, Apiiro acts as a central AppSec control plane to give businesses the ability to define risk-based policies, build automated process triggers, and give developers a single interface across security tools—with all the context needed to fix fast and prevent the risks that matter. New integrations are coming soon with an industry-leading SLA of two weeks for building new vetted integrations.

Read more about SHINE on the Apiiro blog and see our integrations on the SHINE website.

About ApiiroApiiro empowers application security and development teams from companies like Morgan Stanley, Rakuten, SoFi, and Colgate to unify their application risk visibility, prioritization, assessment, and remediation to save time triaging security findings and fixing real risks so they can deliver secure applications to the cloud. The company is backed by Greylock, Kleiner Perkins, and General Catalyst.

Media ContactAdam LaGrecaFounder of 10KMediaadam@10kmedia.co

Photos accompanying this announcement are available at

https://www.globenewswire.com/NewsRoom/AttachmentNg/d4c79ba1-aea1-40c7-86f6-fd67ab67a862

https://www.globenewswire.com/NewsRoom/AttachmentNg/9c99f15b-cd39-49cb-964e-1d26de40e859