Skip to content

DigitSec and Copado Announce Developer Cybersecurity Integration

DigitSec, a Seattle-based independent software vendor, and Copado, the leading Salesforce devops platform vendor based in Chicago, this week announced a developer cybersecurity integration. Starting immediately, the DigitSec S4 and Copado integration is available using an AppExchange package. DigitSec S4’s suite of cybersecurity tools are then invoked in a Copado devops pipeline, helping customers to find security flaws in code before they become security incidents.

DigitSec S4 is a suite of tools that detect and correct application security flaws early in the development process. “Proactive security awareness is very important to Copado customers as they manage their Salesforce development process,” said Blaine Kaho’onei, vice president of alliances for Copado. “The seamless integration of DigitSec S4 into our leading DevOps platform offers Copado customers a very comprehensive DevSecOps solution in their Salesforce CI/CD pipeline to accelerate digital transformation with confidence, quality, and security,” added Mr. Kaho’onei in a press release.

DigitSec S4 Fills a Gap

Copado fills a gap in its offerings with this DigitSec S4 integration. Until now, it was up to Copado customers to use Static Application Security Testing (SAST) tools to “shift left” their security efforts. The “shift left” movement refers to giving software developer tools to scan their code for security flaws early in the development lifecycle. Fixing security flaws in production can be literally thousands of times more expensive than fixing them in development. So, the DigitSec S4 value proposition is strong for almost every Copado customer.

Better Managed Pipelines

With DigitSec S4 now an easy addon to Copado, devops managers now have easier access to the SAST, dynamic application security testing (DAST), software composition analysis (SCA), and interactive application security testing (IAST) features of DigitSec S4. This mitigates the cybersecurity time bombs teams inadvertently leave behind when they take on big projects.

Copado-DigitSec S4 Integration Architecture (source)

“The Copado DevOps platform creates great efficiencies for Salesforce development teams. Those efficiencies can also introduce risk if there are no guardrails in place to protect against vulnerabilities and exposures. DigitSec and Copado together will ensure that each time a customer ships, they do so with the confidence that the release is secure and has been analyzed by DigitSec’s comprehensive security testing platform,” DigitSec CEO Waqas Nazir in the same press release.

Mr. Nazir was asked for more details on how the integration is accomplished. He replied, “The integration allows users to run DigitSec’s security scan from within a Copado pipeline via automation templates or directly from a user story.”

Productive Business Development

Copado needed to make a deal with a cybersecurity company like DigitSec to offset moves by competitors. Notably, AutoRABIT acquired DigitSec competitor Codescan earlier this year. That deal turned out a bit strange. Codescan says they intend to work as a cybersecurity scanner with AutoRABIT competitors.

This Copado-DigitSec deal makes sense for the Salesforce community. This is because it leaves DigitSec alone as a cybersecurity specialist, free to work with other Salesforce devops platforms. It is also an encouraging move by Copado. This level of integration with DigitSec by Copado demonstrates that Copado has a functional partner development ecosystem.

Hopefully this trend continues, which provides more opportunities for independent software vendors and customers alike.