The DevSecOps automation platform now integrates with 13 tools, notably newcapabilities for security benchmarks and assessing.
SEATTLE, July 7, 2020 – Refactr, the DevSecOps automation platform enabling organizations through their next shift to IT-as-Code, announced today the immediate release of newintegrations and capabilities. The new features focus primarily on security tools in response to alag in automation solutions for security processes. So far, automation solutions are largelydirected at engineering teams, but security teams benefit from DevOps methodologies aroundculture and automation, too.
“Today’s remote work environment is accelerating demand for software-defined everything. As a result, we have more cloud-based vulnerabilities. Now, there is a greater urgency to make security a priority in the production process,” said Mike Fraser, CEO of Refactr. “Our latest batch of features is hyper-focused on security integrations that not only prioritize the role and work of security professionals, but also enhance the level of collaboration happening across tech teams.”
New integrations and capabilities:• CIS-CAT Assessor: The Center for Internet Security’s (CIS's) CIS-CAT® configurationassessment tool can now be added directly to pipelines, enabling powerful remotescanning and reporting functionality. Both the Lite and Pro versions are supported.• OpenSCAP: Built-in support for this industry-standard, open source complianceassessment tool enables users to quickly add compliance scanning and automatedreport generation to their pipelines.• Kubectl: Deeper integration with the Kubernetes CLI allows users to easily authenticate,deploy apps, and perform management operations on their Kubernetes clusters.• Self-hosted runner agent: With the beta release of Refactr’s self-hosted runner agents,users can now execute pipeline runs on custom infrastructure or inside their own privatenetworks. This addition opens the door to much more powerful pipelines that mayrequire additional tools, resources, or privileged access.
“Integrating CIS-CAT with the Refactr platform increases our reach to teams eager to mergeprocesses between engineering and security,” said Curtis Dukes, CIS Executive Vice Presidentof Security Best Practices. “The more security becomes a part of the development process, thestraighter an organization’s security posture becomes. We’re thrilled to be partnering withRefactr on realizing our common goal to automate security in our connected world.”
Refactr is helping all tech teams design and deliver complex, secure cloud infrastructure andapplications through its all-in-one, visual automation platform. The DevSecOps automationplatform currently integrates with AWS Cloud Formation, Azure Resource Manager, Git, GoogleDeployment Manager, Hashicorp Terraform, Kubernetes API, Node, Powershell, Python andShell Scripts, Red Hat Ansible, OpenSCAP, and CIS-CAT.
Currently in contract with the United States Air Force AFWERX Small Business InnovationResearch (SBIR) 20.1 Phase 1, Refactr is helping customers like the Air Force and Fortinet todeploy virtual machines to Azure, deploy Kubernetes EKS clusters on AWS, and use Burpsuiteto run web application security tests against a running web server. Refactr is currently pursuinga SBIR Phase 2 contract from the United States Air Force and raising its seed round.
About RefactrRefactr is a Seattle-based DevSecOps startup founded in 2017 by military veteran and industryexperts in cloud and cybersecurity. Its mission is to accelerate adoption of DevSecOpsmethodologies among security and DevOps teams. Refactr provides a simple and collaborativeautomation platform that enables tech teams to visually design and run modern, software-defined ITas-Code solutions including infrastructure, configuration, integrations and security. Technology changes, people adapt. Refactr innovates to make the world more agile through the next shift of digital transformation into IT-as-Code. Learn more at https://refactr.itAbout CISThe Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. elections offices. To learn more, visit https://CISecurity.org or follow us on Twitter: @CISecurity.