Integration overview


A security tool integration enables teams to automatically verify that security tasks have been implemented, and identifies which requirements the tools are unable to verify. Using the SD Elements integration provides much broader visibility into risk than using a scanning solution on its own.

Process

A security tool integration follows the steps below.

Steps:
  1. Import an analysis result from the scanning tool using file upload or remote web service.

  2. Compare all potential vulnerabilities that the scanning tool can find with the tasks in SD Elements.

  3. If the scanning tool does not cover the specific task, then there is no change to the verification status.

  4. If the scanning tool does cover a task, then it marks the appropriate verification status.

    • See Verification status for more details.

    • If any vulnerability was found, the task will appear as "Fail".

    • Where possible, SD Elements provides a reference to more details in the scanning tool’s report.

  5. All vulnerabilities found by the scanning tool that do not match a task in SD Elements are enumerated in task T193: Review non-categorized/miscellaneous findings from automated analysis.

To bring task T193: Review non-categorized/miscellaneous findings from automated analysis into a project, select the answer Project Settings→Development/Test Tools→Development Tools→Uses static or dynamic security code analysis.

After an integration completes, a project member can examine the tasks and determine which require additional testing based on their verification status. Tasks having a verification status of No Status or Partial Pass should be tested further manually, or with an alternative tool.
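
The matching logic in steps 2 to 5 and the follow-up triage, as an added example that is not SD Elements code. The task IDs other than T193, the CWE mappings, the sample scan, and the rule that separates Pass from Partial Pass are assumptions made for the illustration.

```python
# Added illustration of the import process; not SD Elements code.
# Assumptions: task ids other than T193, the CWE mappings, the sample scan,
# and the rule separating "Pass" from "Partial Pass".
MISC_TASK = "T193"  # catch-all task named on this page

TASKS = {  # constructed: task id -> weaknesses the task addresses
    "T-A": {"CWE-89"},
    "T-B": {"CWE-79", "CWE-80"},
    "T-C": {"CWE-352"},
    "T-D": {"CWE-327"},
}
SAMPLE_COVERAGE = {"CWE-89", "CWE-79", "CWE-352", "CWE-22"}  # constructed
SAMPLE_FINDINGS = [("CWE-89", "report#1"), ("CWE-22", "report#2")]  # constructed


def apply_scan(tasks, current, tool_coverage, findings):
    """Apply one imported scan; return (statuses, report refs, uncategorized)."""
    status, refs, matched = dict(current), {}, set()
    for task, weaknesses in tasks.items():
        covered = weaknesses & tool_coverage
        if not covered:
            continue  # step 3: tool cannot verify this task, status unchanged
        hits = [(w, ref) for w, ref in findings if w in covered]
        if hits:
            status[task] = "Fail"  # step 4: any finding fails the task
            refs[task] = [ref for _, ref in hits]  # pointer into tool report
            matched.update(w for w, _ in hits)
        elif covered == weaknesses:
            status[task] = "Pass"  # assumed: every weakness was checked
        else:
            status[task] = "Partial Pass"  # assumed: only some were checked
    # step 5: findings that match no task are listed under T193
    misc = {MISC_TASK: [(w, ref) for w, ref in findings if w not in matched]}
    return status, refs, misc


def needs_manual_testing(status):
    """Tasks the page says to test further: No Status or Partial Pass."""
    return sorted(t for t, s in status.items() if s in ("No Status", "Partial Pass"))


if __name__ == "__main__":
    before = {task: "No Status" for task in TASKS}
    after, refs, misc = apply_scan(TASKS, before, SAMPLE_COVERAGE, SAMPLE_FINDINGS)
    print(after, refs, misc, needs_manual_testing(after), sep="\n")
```

With the constructed scan, T-D stays at No Status because the tool has no check for its weakness, so it is queued for manual testing alongside the partially covered T-B.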

Scan retention policy

SD Elements does not keep a copy of scan results once they are imported. If project settings are changed after importing a scan result, scan results will not correlate to any newly added tasks. As a result, we suggest that you only import scan data after you have completed modifying the project settings.
