Security Vision announces the launch of a new product, Security Vision ASOC, a secure development management platform that integrates all stages of SSDLC.
The ASOC product eliminates the fragmentation of tools and provides a holistic, manageable view of the security of the entire development, allowing IT and InfoSec teams to make decisions based on objective metrics rather than disparate reports.
The product includes five key modules:
1. Design and Architecture
At the design and architecture stage, the platform helps to build component interactions, define trust boundaries, and conduct threat modeling, thereby laying the foundation for secure development. The system allows you to create architectural models of applications, describing the components and their interrelationships. Built-in templates speed up the process and ensure uniformity. The platform supports threat modeling using STRIDE, OWASP, and LINDUNN methodologies, with threats linked to specific system components.:
• Threat modeling with automatic selection of scenarios by components;
• Ability to set data flows and trust boundaries;
• Identification of risks at an early stage;
• Setting mitigation tasks both in the platform and the ability to configure notifications of new tasks in an ITSM solution that is convenient for you.
2. Code security control
At the stage of code security control, the system performs static analysis, secret search, dependency checking, and automatic task generation. You can also configure code review policies for each project (requirements for security checks before merging code), builds (secure CI/CD settings), and task handling (rules for automatically creating and prioritizing vulnerability management tasks). Policies scale across the entire organization, ensuring uniform security standards.
3. Infrastructure control
At this stage, the system automates the launch and control of troubleshooting identified by the results of the following checks:
• analysis of containers, images, and system packages;
• DAST-scanning of web applications (OWASP ZAP, etc.);
• Fuzzing testing.
4. Secure deployment
During this stage, security policies are integrated into CI/CD processes and prevent the release of a product with critical risks. The system implements functionality that includes:
• Security policies for CI/CD;
• release locks in the presence of critical vulnerabilities;
• Control of assemblies and shipping artifacts.
5. Operational monitoring
At the final stage, the system continuously monitors the objects included in the SSDLC processes. The following functionality is included in the boxed delivery:
• obtaining relevant vulnerabilities from VS/VM platforms with automatic asset linking, which allows you to see how operational risks relate to architecture, code and infrastructure;
• Downloading incidents from SOAR and other monitoring systems, classifying them and linking them to projects and services to form a complete security picture.
The solution integrates with popular development and analysis tools, including PVS-Studio, Trivy, Semgrep, GitLab, GitHub, Azure DevOps, OWASP ZAP, and others, and supports its own data model for SSDLC stages.
Key advantages of Security Vision ASOC:
• A single product instead of dozens of disparate tools.
• The full context for each vulnerability: component, repository, service, environment.
• Flexible integration with domestic and foreign DevOps and SecOps solutions, as well as opensource solutions.
• Implementation on the Security Vision 5 platform allows you to flexibly configure any additional integrations, make process adjustments, change the display on cards and lists of objects, and develop your own reports and dashboards. All this is done in the no-code constructors included in the platform.
The product also implements a convenient monitoring system to monitor the implementation of each stage: design and architecture, code security control, infrastructure control, secure deployment and operational monitoring.
A single analytics dashboard displays key indicators: threat level, number of vulnerabilities, incidents, project scan coverage, build quality, and risk dynamics.
This allows managers and technical teams to make decisions based on data and see the real progress of the SSDLC process, as well as assess the level of maturity at each stage of the process.
In the product roadmap:
• Support for Kubernetes security through SPC, IaC analysis, and mobile applications.
• AI-categorization of vulnerabilities to reduce the load on AppSec teams by up to 80-90%.
Availability
Security Vision ASOC is available to corporate customers today. Additional integrations, mobile security support, IaC analysis, and extended Kubernetes coverage will be included in the 2025-2026 releases.
