ArmorCode Lets AppSec Engineers Discover Vulnerable Code
Nikhil Gupta started ArmorCode during the early months of the COVID-19 pandemic, just as organizations were looking to accelerate their migrations to cloud-native applications using microservices and their shift from waterfall to agile development. The problem, Gupta noted, is that typical organizations have one application security engineer for every 100 developers.
“While the application development has transformed, application security is still very painful,” Gupta said. “AppSec engineers are overwhelmed because they are getting the information from Excel spreadsheets.”
ArmorCode created a platform that deduplicates data and performs correlations. In one instance, ArmorCode was able to determine that of 800 code repositories, only 40 were active. More importantly, the platform allows developers to search for code that might contain vulnerable Log4j code.
“It’s a Google-like search; you can show findings containing Log4j or show findings containing Shell4j,” he said.