NowSecure Announces New GitHub Integration for Mobile Apps

NowSecure has unveiled the GitHub Action for Mobile Software Bill of Materials (SBOM), an offering integrated with the GitHub Action Dependency Graph.

The offering is the first in-platform automated dynamic SBOM for mobile applications. It gives iOS and Android developers visibility into the components, third-party libraries and frameworks they use, so they can verify the version, security and privacy of each as they build.

NowSecure notes that this will allow developers to deliver high-quality, secure mobile apps faster.

GitHub provides a software development platform for over 83 million developers and has released new extensions for dependency information in the GitHub dependency graph along with new GitHub Actions.

“The software supply chain starts with the developer,” says Jose Palafox, director of business partnerships at GitHub.

“Extending automated visibility into your SBOM means developers can dramatically reduce their use of vulnerable software dependencies and be confident in delivering new mobile features and products with security built in by design.”

NowSecure’s latest offering is available in early access through GitHub Marketplace, and the NowSecure platform can also be purchased through Microsoft Azure Marketplace.

Additionally, all GitHub mobile developers can request a free scan for dynamic SBOM generation in GitHub Dependency Graph under the Early Access Program.

The companies note that the rise in major incidents underlies the urgency for developers to be able to manage software dependencies: software supply chain attacks increased by 650% in 2021, including major incidents involving SolarWinds, Microsoft, Kaseya, Log4j and others.

Additionally, the 2021 White House cybersecurity executive order identified critical risks in the global software supply chain and required government agencies to put in place standards and policies that would secure the software supply chain.

“Developers want to deliver innovative, high-quality mobile apps quickly,” says Alan Snyder, CEO of NowSecure.

“This means they need a mobile security solution designed for developers that is easy to use and accurate, integrated directly into their development workflows.

“As mobile developers depend on third-party code for innovative experiences, complex features, and time to market, they need to ensure that the code they use is up-to-date and secure.

“We’re excited to extend our partnership with GitHub and the community by adding dynamic SBOM generation to the GitHub Dependency Graph to help developers protect their software supply chain.”

NowSecure also offers two GitHub actions for automated mobile app scanning and mobile app SBOMs.

NowSecure’s first GitHub action offers automated static and dynamic security scanning of iOS and Android mobile apps built in any language or framework, including Swift, Objective-C, Java, Kotlin, Dart, and React Native.

Additionally, the NowSecure GitHub action for mobile SBOMs creates component details for visibility into the libraries and frameworks included in all mobile apps.

This identifies transitive dependencies, flags libraries and frameworks that are on older versions, detects components that are still present in the build even though they had previously been slated for removal, and discovers component licensing details.

“The NowSecure GitHub for Mobile SBOM action populates the GitHub dependencies graph with mobile data so that in the future, GitHub Dependabot alerts can update dependencies to the newest and most secure versions of libraries in mobile apps,” said David Weinstein, CTO of NowSecure.

“Additionally, comparing the SBOMs and dependencies of different versions of a mobile application provides insight into changes made by the developer over time that may require further analysis or help identify technical debt.

“Overall, we were very impressed with GitHub’s implementation, allowing third parties to extend the dependency graph and Dependabot to support new ecosystems like mobile.”

Casey J. Nelson