Called Salus, after the Roman the goddess of safety and well-being, the program can automatically choose to run and configure different security scanners and issue a report on the results, according to a Thursday blog post from Coinbase developer Julian Borrey.
Available as an open-source tool on GitHub from today, Salus is said to offer the advantage of being able to centrally coordinate security scans across a large number of software storage repositories, avoiding having to configure a scanner for each different project.
It also means that, when making system wide changes to security scanner setups, updates can be made centrally within Salus to roll out across all repositories, the post states.
Coinbase explains that it uses a combination of human code reviews and automated scans to ensure its production deployments are as “secure as possible.” Salus was recently built by Coinbase to fill a gap in what was available for the team.
The post further states that open-source software is often coded to contain security scanners which can “tremendously improve security,” adding:
“Tools like these help us to ship faster, and we are tremendously grateful for these open source efforts. It was in this spirit that Coinbase started its open source fund, a token of gratitude for this type of community-oriented work.”
Coinbase now utilizes the tool to coordinate security scans across all its deployed services.
“It helps us enforce security policies for each change made to a codebase and ensures there is a quick feedback loop with the developer about potential vulnerabilities,” Borrey wrote.
Keys image via Shutterstock
Source link https://www.coindesk.com/coinbase-makes-new-security-scaling-tool-open-source/