Integration overview

A verification integration enables teams to automatically verify that security tasks have been implemented, and identifies which requirements the tools are unable to verify. Using the SD Elements integration provides much broader visibility into risk than using a scanning solution on its own.

Process

A verification integration follows the steps below.

Steps:
  1. Import a result from the verification tool using file upload or remote web service.

  2. Compare all potential vulnerabilities that the verification tool can find with the tasks in SD Elements.

  3. If the verification tool does not cover the specific task, then there is no change to the verification status.

  4. If the verification tool does cover a task, then it marks the appropriate verification status.

    • See Verification status for more details.

    • If any vulnerability was found, the task will appear as "Fail".

    • Where possible, SD Elements provides a reference to more details in the verification tool’s report.

  5. All vulnerabilities found by the verification tool that do not match a task in SD Elements are enumerated in task T193: Review non-categorized/miscellaneous findings from automated analysis.

Note
To bring task T193: Review non-categorized/miscellaneous findings from automated analysis into a project, select the answer Project Settings→Development/Test Tools→Development Tools→Uses static or dynamic security code analysis.

After an integration completes, a project member can examine the tasks and determine which require additional testing based on their verification status. Tasks having a verification status of No Status or Partial Pass should be tested further manually, or with an alternative tool.

Scan retention policy

SD Elements does not keep a copy of scan results once they are imported. If project settings are changed after importing a scan result, scan results will not correlate to any newly added tasks. As a result, we suggest that you only import scan data after you have completed modifying the project settings.
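
The sketch below is an added example, not SD Elements code: it models the process steps and the retention behavior described above, to show why a task added after an import stays at No Status even when the tool covers it. The task IDs other than T193, the finding categories, the report references and the "Pass" outcome for a covered task with no findings are assumptions; Partial Pass is not modelled.

```python
# Illustrative model of the documented process; not SD Elements code.
# Assumptions: task IDs other than T193, category names, and the "Pass" outcome.
CATCH_ALL = "T193"

def import_scan(tasks, coverage, findings):
    """Apply one scan result to the tasks present at import time.

    tasks:    {task_id: verification_status}, mutated in place
    coverage: {finding_category: task_id} for everything the tool can detect
    findings: [(finding_category, report_ref)] parsed from the tool's report
    Returns {task_id: [report_ref, ...]} linking tasks to report details.
    """
    refs = {}
    for category, ref in findings:
        task = coverage.get(category)
        # Step 5: a finding with no matching project task goes under T193.
        if task not in tasks:
            task = CATCH_ALL
        refs.setdefault(task, []).append(ref)
    # Step 4: only tasks the tool covers AND that exist right now are marked.
    for task in set(coverage.values()) & set(tasks):
        tasks[task] = "Fail" if task in refs else "Pass"
    # Step 3: uncovered tasks are never touched, so they keep their status.
    return refs

def demo():
    # Constructed sample project, tool coverage map and scan findings.
    tasks = {"T-A": "No Status", "T-B": "No Status",
             "T-C": "No Status", "T193": "No Status"}
    coverage = {"sqli": "T-A", "xss": "T-B", "weak-hash": "T-D"}
    findings = [("sqli", "report#1"), ("misc-header", "report#2")]
    refs = import_scan(tasks, coverage, findings)

    # Project settings change after the import and add T-D. The scan result
    # was not retained, so nothing correlates it to the new task.
    tasks["T-D"] = "No Status"

    # Tasks that still need manual testing or an alternative tool.
    follow_up = sorted(t for t, s in tasks.items()
                       if s in ("No Status", "Partial Pass"))
    return tasks, refs, follow_up

if __name__ == "__main__":
    for part in demo():
        print(part)
```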
