Apiiro, the application security posture management (ASPM) platform, today announced its new integration program called SHINE. SHINE stands for the program’s guiding principles – Seamless, Holistic, Interconnected, Vendor-Neutral, and Enriched – and cements the company’s commitment to integrating across stacks, from development tools, CMDBs, security training tools, communication systems, and, most importantly, security tools from code to runtime.

Apiiro technology partners can now seamlessly integrate into its Deep ASPM platform and leverage the unique context provided by Apiiro’s Risk Graph. By enriching ingested findings with its deep code inventory and runtime context, Apiiro goes beyond shallow aggregation to:

• Correlate, de-duplicate, and prioritize findings based on risk likelihood and impact factors garnered from Deep Code Analysis (DCA) and runtime context to reduce manual triaging work.
• Enrich and tie risks to their root cause and code owner, reducing time spent working with developers to remediate risks and improve mean time to remediation (MTTR).

“We’ve always strived to be a 100% open platform. Now, we have the foundation and commitment to our customers and community to back that up, fostering a collaborative environment where all stakeholders in the application development process can access and utilize critical security insights,” said Moti Gindi, Chief Product Officer at Apiiro. “We’re proud to formally launch this program, ensuring that all partners can contribute to and benefit from a holistic view of application risks.”

As part of SHINE, Apiiro announces dozens of initial integrations across SAST, SCA, secrets security, container security, cloud security, bug bounty, and other security tools, doubling down on its position as a 100% open ASPM platform.

To strengthen the formalization of SHINE and bolster the vision to unify risk visibility across tools to processes and from code to cloud, Apiiro has also introduced multiple platform enhancements:

• Manual Security Findings Ingestion: In addition to integrating with security tools, Apiiro now ingests findings from bug bounty programs, manual threat models, and penetration tests, helping AppSec teams unify visibility across and correlate risks from all their disparate sources.
• Container Inventory and Security Experience: Apiiro is rounding out its in-app experiences by risk category with container security, providing its customers with visibility across artifacts, connecting container images to their associated repository or code module, and more.
• Risk Exposure Path: This visualization matches each risk from its source in code to associated containers, repositories, pipelines, and eventually, its runtime services, as powered by Apiiro’s patented Deep Code Analysis (DCA) technology and code-to-runtime matching.
• Contextual Prioritization Funnel: Apiiro visually surfaces its contextual risk factors, such as whether a risk is in a code module that is in active development, is deployed, or is used in code (i.e. reachable), helping its customers to narrow in on real, business-critical risks.

By combining its open platform approach with its Deep Code Analysis (DCA) technology, Apiiro acts as a central AppSec control plane to give businesses the ability to define risk-based policies, build automated process triggers, and give developers a single interface across security tools—with all the context needed to fix fast and prevent the risks that matter. New integrations are coming soon with an SLA of two weeks for building new vetted integrations.