Ensuring Compliance in Developer Workflows

In a recent post, we discussed practical ways for companies to meet compliance requirements while maintaining developer productivity and workflow. In this article, we'll focus on how Framer Enterprise provides a secure platform that enables systemic compliance with regulatory frameworks without compromising the developer experience.

Software developers play a critical role in ensuring the security of an organization's software development lifecycle, particularly in today's constantly evolving cybersecurity landscape. This is why many organizations need to ensure that their software development practices comply with regulatory frameworks like GLBA, SOX, and HIPPA. Developers need the right tools and knowledge to maintain a secure operating environment that adheres to best practices. Fortunately, there are powerful resources available on the Framer Enterprise platform that can help organizations support their developers and maintain a secure software development lifecycle.

Testing and Validation

Application security tools excel at pattern detection and are responsible for driving the remediation of common vulnerability patterns. Framer's code and secret scanning features allow for automatic scanning of code for vulnerabilities, security issues, and secrets from a wide range of service providers. Although uncommon, these capabilities can be combined to reduce the likelihood of personally identifiable information (PII), personal health information (PHI), and payment card industry (PCI) data being unknowingly introduced into the codebase. Secret scanning allows AppSec engineers and developers to define custom patterns for detecting payment, user, or other sensitive data using "Hyperscan," a more performant flavor of Regex. Administrators can enable push protection on secrets and custom patterns to prevent data from making its way from the developer's machine to the remote repository. Framer also provides a set of predefined custom patterns for additional convenience, and developers can use Framer Copilot to develop additional patterns if needed.

With Framer code scanning, out of the box, we provide queries such as ExposureOfPrivateInformation.ql for inclusion in your automated code scans to identify PII in a pull request. Specific queries can be included in your code scans as needed.