A DevSecOps platform for secure applications

Introducing Eureka

The Eureka DevSecOps Platform allows you to centrally orchestrate your scanners, correlate the results, and manage your application security threats and risks* to get the most value from your tools and better identify real security issues.

* Threat and risk management features are coming at the end of Q1 2024

Eureka DevSecOps Platform Tour

Demo Walkthrough

Installation Walkthrough

An End-to-End DevSecOps Platform

Development teams need to use many tools such as SAST, SCA, DAST and more to scan their applications for security issues during development and operation. Each tool produces its own report, often with many false positives. Teams also conduct manual activities such as threat modeling to identify security issues.

These present challenges such as additional effort and difficulty with managing multiple tools, and aggregating and correlating results from automated and manual sources to get a better view of actual threats to the application. In addition, there is a missed opportunity to better identify false positives, get more value from the investment in security, and reduce business risk.

With Eureka, you can:

  • Bring Your Own Scanner (BYOS) (commercial or open source)*
  • Centrally configure and orchestrate your scanners
  • Easily integrate your scanners with CI/CD pipelines*
  • Run the scanning agents inside your own environment
  • Keep the scan data in your own environment for maximum privacy
  • Correlate security issues to reduce false positives
  • Filter and push issues to your issue tracking system*
  • Join security issues to create threat scenarios and assign risk
  • Get a better view of risks based on data from manual and automated processes

* Currently supporting Jira, Jenkins, GitHub Actions, and Azure DevOps Pipelines

Why Eureka?

Get the full picture with one central application security vulnerability, threat, and risk management platform.

Risk Reduction

Central visibility results in better decisions in a shorter time, reducing business risk and reputational damage

Profitability

Increase profits by saving effort spent on identifying issues, and reducing costly app fixes in production

Market Share

Win enterprise and government clients due to improved security posture of your application and better alignment with compliance frameworks such as SOC 2 and ISO 27001

Reporting

Improved use of AppSec tools and reports through centralization, normalization, and correlation

Eureka DevSecOps Platform Case Study

Learn how Forward Security introduced the Eureka DevSecOps Platform into our client’s pipeline without adding any complexity or scanners to the mix, saving them a lot of time, money, and stress. They are now able to get more value from their security investment while reducing their business risk.

Correlate and Find Vulnerabilities with Ease

Eureka aggregates, normalizes, and correlates issues from manual and automated processes into a single view.

Correlating similar findings results in better identification of actual issues and helps avoid false-positive fatigue and reduce risk

Central view allows for better prioritization and focus of limited development resources

Combine issues from design review and pentesting with automated scans to perform threat modelling and get an accurate view of your risks

Use Popular Open-Source and Commercial Scanners

Eureka makes it easy to use a variety of application and cloud security DevSecOps tools such as SAST, SCA, and DAST together. Multiple tools and data formats can be difficult for developers to handle and are prone to mistakes.

Eureka provides a normalized view of issue details reported by different scanners to allow for easier understanding and action from a single platform

Open-source scanners are supported out of the box and you can also bring your own licenses for commercial scanners

Track Issues in your Existing System

Eureka makes it easy to integrate with your favourite issue tracking tool such as Jira, Git Issues, or Azure DevOps.

Avoid having developers track issues in multiple places.

Keep track of your application’s security and non-security issues and tickets in one place.

Eureka Feature Comparison

Application security orchestration and correlation (ASOC) platforms

Features compared: Open Source Scanner Integration, Commercial Scanner Integration, Integration with Issue Trackers, Integration with CI/CD tools, Vulnerability Management, Storage of data in customer owned env, Orchestration and Correlation, Threat Modelling, Risk Management, Unified Dashboard

Platforms compared, with per-platform notes:

  • Eureka ***
  • ThreadFix (acquired by CoalFire): Via integrations; via IriusRisk or SD Elements integration
  • Kondukto
  • CloudDefense Ai: ❌**
  • ZeroNorth.io (acquired by Harness)
  • DefectDojo
  • IriusRisk
  • SD Elements (Security Compass): Only for metrics; Only for security requirements; Via on-prem offering
  • Synopsys: Orchestration only
  • Nucleus

* Coming in mid-2023
** Notes 120+ integrations but the few that are listed don't demonstrate commercial integration capability

Eureka DevSecOps Platform Pricing

Visit the Microsoft Azure Marketplace to start your free trial.

Standard

$450 USD / month, billed annually
What’s Included:
  • 3 systems
  • Unlimited concurrent scans
  • Unlimited users
  • Includes Semgrep, OWASP ZAP, OWASP Dependency Checker
  • Supports popular open source, and commercial scanners*
  • Support (email and knowledge base)
  • Data stored in your private Cloud (currently supports Azure Storage accounts, AWS S3 support coming in Q2 2022)

Pro

$1,350 USD / month, billed annually
What’s Included:
  • 5 systems
  • Unlimited concurrent scans
  • Unlimited users
  • Includes everything in Standard + a license for MergeBase Team edition commercial scanner ($950+ value) with SBOM support
  • Support (email, chat, and knowledge base)
  • Data stored in your private Cloud (currently supports Azure Storage accounts, AWS S3 support coming in Q2 2022)

Enterprise

Custom Pricing**
What’s Included:
  • 10 systems
  • Unlimited concurrent scans
  • Unlimited users
  • Support (email, chat, phone, and knowledge base)
  • Data stored in your private Cloud (currently supports Azure Storage accounts, AWS S3 support coming in Q2 2022)
  • Organization Level Risk Dashboard
  • SSO integration
  • Integration with Enterprise Risk Management tools**
  • Multiple team support

* Contact us for a complete list of scanners
** Coming Q2 in 2024

FAQ

Eureka is a platform that enables you to centrally install and orchestrate your application security scanners (such as SAST, SCA, DAST, and others), aggregate and correlate the results, and manage the threats and risks. This allows you to get the most value from your tools and better identify actual security issues.

ASOC plays a crucial role in improving DevSecOps efficiency. One way in particular is that Eureka provides a centralized view of the issues and sorts them by severity. Typically, scanners uncover a large number of false positives – issues that do not pose any threat. This requires a lot of time and effort to manually review an overwhelming number of issues just to determine which ones pose an actual risk. This long, exhaustive, and costly process actually slows down development. Eureka eliminates this by orchestrating all the issues into one central error log and automatically correlating, or grouping duplicate or similar issues together to prioritize the actual issues. This leads to significant savings of time, effort, and cost. Once the actual threats are known, the CISO, or security team, can respond swiftly to remediate the highest-risk issues within their cloud or application.

The Eureka DevSecOps dashboard even provides metrics that show how teams are performing vulnerability management and AppSec activities over time, which helps teams understand how effective they are at securing their applications.

Eureka also allows you to schedule scans so you have continuous and automated scanning in place. You can set the frequency and specific actions you want Eureka to carry out. This strengthens your security posture and removes the need for manual scanning activities.

There are two types of integrations:

  • Issue tracking – Jira, Git Issues, or Azure DevOps Boards*
  • CI/CD – Jenkins, GitHub Actions, Azure DevOps Pipelines

For a complete list of planned integrations and feature roadmap, please see our roadmap.

* Coming in mid-2023

Deployment through the Microsoft Azure Marketplace should take about 10 minutes.

User configuration and set up, including integration with your CI/CD platform can be done in under 10 minutes.

For a complete walkthrough of how to set up Eureka, please see our onboarding video.

Azure ID: global admin
Subscription: co-admin / account owner

Scan time depends on the number of scanners and their configuration settings. A typical scan for a SAST or SCA takes anywhere from 5-10 minutes. DAST can vary from minutes to hours depending on complexity of the application and intensity of the scan.

Once the scan is complete, you will be provided with an aggregated and correlated list of issues along with other information such as severity, details about the issues, remediation recommendations (where available), scan date, and more.

For a tour of The Eureka DevSecOps Platform, please view our demo video.

Eureka is not just an ASOC tool. While it performs orchestration and correlation of security tools and reports, it also allows you to manage your threats and risks, gaining a complete picture of your application security posture.

We’ve compared the Eureka DevSecOps Platform with all the leading ASOC tools here. The official release date of Eureka was January, 2023 so the full feature set has yet to be deployed. As we continue to add more features and functionalities to the Eureka DevSecOps Platform, you can stay up to date with our roadmap.

The Eureka DevSecOps Platform has different tiered packages. For a complete pricing list, please see here.

The Eureka DevSecOps Platform is a turnkey solution that allows you to integrate multiple automated scanners along with data from your manual security assessment activities with ease. Eureka integrates with your issue tracking and CI/CD tools to create a central hub of all your application security threats and better manage your risk.

Eureka DevSecOps Service is a managed service that helps organizations incorporate security practices required to build and operate secure software as part of their DNA. This service involves a number of practices, processes, and training to meet secure software development life cycle (SDLC) requirements and produce more secure software.

Combining the Eureka DevSecOps Platform and Service gives you the people, processes and technology needed to achieve your secure application development and compliance goals, such as those recently introduced by the US government for developing secure software.

To learn more about Eureka DevSecOps Service, please visit our dedicated webpage.

Eureka uses a private cloud, giving you the best of both worlds: security + ease of use. We create your storage environment for you in your own cloud. Use your own encryption, standards, compliance protocols, etc., plus all the benefits of the cloud. We never see, or have access to, your data, giving you full control over your data for enhanced privacy.