Integration overview

A verification integration enables teams to automatically verify that security Countermeasures have been implemented, and identifies which requirements the tools are unable to verify. Using the SD Elements integration provides a much broader visibility of risk than using a scanning solution on its own.

Process

A verification integration follows these steps:
  1. Import a result from the verification tool using file upload or remote web service.

  2. Compare all potential vulnerabilities that the verification tool can find with the Countermeasures in SD Elements.

  3. If the verification tool does not cover the specific Countermeasure, then there is no change to the verification status.

  4. If the verification tool does cover a Countermeasure, then it marks the appropriate verification status.

    • See Verification status for more details.

    • If any vulnerability was found, the Countermeasure will appear as "Fail".

    • Where possible, SD Elements provides a reference to more details in the verification tool’s report.

  5. All vulnerabilities found by the verification tool that do not match a Countermeasure in SD Elements are enumerated in Countermeasure T193: Review non-categorized/miscellaneous findings from automated analysis.

To bring Countermeasure T193: Review non-categorized/miscellaneous findings from automated analysis into a project, select the answer Project Settings→Development/Test Tools→Development Tools→Uses static or dynamic security code analysis in the project survey.

After an integration completes, a project member can examine the Countermeasures and determine which require additional testing based on their verification status. Countermeasures having a verification status of No Status or Partial Pass should be tested further manually, or with an alternative tool.
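The correlation described above, written out as an added, self-contained Python model (this is illustrative code, not SD Elements' own implementation). It assumes a simplified data model: each countermeasure is identified by a set of weakness types, the tool declares which weakness types it can detect, and each finding carries one weakness type plus a reference into the tool's report. The "Pass" and "Partial Pass" rules are assumptions made for the example (full coverage with no findings is Pass; partial coverage with no findings is Partial Pass); "Fail", "No Status" and the routing of unmatched findings to T193 follow the steps on this page. All identifiers and findings below are constructed sample data.

```python
from dataclasses import dataclass, field

# Verification status names as used on this page.
NO_STATUS = "No Status"
PASS = "Pass"
PARTIAL_PASS = "Partial Pass"
FAIL = "Fail"
UNCATEGORIZED = "T193"  # countermeasure that collects findings matching no other one


@dataclass
class Verification:
    status: str
    # Pointers into the verification tool's report, kept so a reviewer can
    # jump from a "Fail" back to the finding that caused it.
    report_refs: list = field(default_factory=list)


@dataclass
class CorrelationResult:
    statuses: dict        # countermeasure id -> Verification
    uncategorized: list   # finding ids routed to T193


def correlate(findings, countermeasures, tool_coverage):
    """Correlate one imported scan result with a project's countermeasures.

    findings:        list of dicts with keys id, weakness, location, report_ref
    countermeasures: dict countermeasure id -> set of weakness types it addresses
    tool_coverage:   set of weakness types the verification tool can detect
    """
    statuses = {}
    for cm_id, weaknesses in countermeasures.items():
        covered = weaknesses & tool_coverage
        if not covered:
            # Step 3: the tool cannot verify this countermeasure at all.
            statuses[cm_id] = Verification(NO_STATUS)
            continue
        hits = [f for f in findings if f["weakness"] in covered]
        if hits:
            # Step 4: any matching vulnerability makes the countermeasure "Fail".
            statuses[cm_id] = Verification(FAIL, [f["report_ref"] for f in hits])
        elif covered == weaknesses:
            statuses[cm_id] = Verification(PASS)          # assumed rule
        else:
            statuses[cm_id] = Verification(PARTIAL_PASS)  # assumed rule

    # Step 5: findings whose weakness type matches no countermeasure go to T193.
    known = set().union(*countermeasures.values()) if countermeasures else set()
    uncategorized = [f["id"] for f in findings if f["weakness"] not in known]
    return CorrelationResult(statuses, uncategorized)


def needs_manual_testing(result):
    """Countermeasures the scan could not settle, per the guidance on this page."""
    return sorted(cm for cm, v in result.statuses.items()
                  if v.status in (NO_STATUS, PARTIAL_PASS))


# Constructed sample input (not real findings or real SD Elements task ids).
SAMPLE_FINDINGS = [
    {"id": "F-1", "weakness": "CWE-89",  "location": "login.py:42",  "report_ref": "#finding-1"},
    {"id": "F-2", "weakness": "CWE-79",  "location": "view.py:17",   "report_ref": "#finding-2"},
    {"id": "F-3", "weakness": "CWE-327", "location": "crypto.py:9",  "report_ref": "#finding-3"},
]
SAMPLE_COUNTERMEASURES = {
    "T-A": {"CWE-89"},             # fully covered, finding present  -> Fail
    "T-B": {"CWE-79", "CWE-80"},   # covered, finding present         -> Fail
    "T-C": {"CWE-352"},            # tool cannot detect this          -> No Status
    "T-D": {"CWE-22"},             # fully covered, nothing found     -> Pass
    "T-E": {"CWE-78", "CWE-917"},  # only partly covered, none found  -> Partial Pass
}
SAMPLE_TOOL_COVERAGE = {"CWE-89", "CWE-79", "CWE-22", "CWE-78", "CWE-327"}

if __name__ == "__main__":
    result = correlate(SAMPLE_FINDINGS, SAMPLE_COUNTERMEASURES, SAMPLE_TOOL_COVERAGE)
    for cm_id, v in result.statuses.items():
        print(f"{cm_id}: {v.status} {v.report_refs}")
    print(f"{UNCATEGORIZED}: {result.uncategorized}")
    print("needs manual testing:", needs_manual_testing(result))
```

Running the block prints one line per countermeasure, the finding ids that land in T193 (here the CWE-327 finding, which no countermeasure in the sample addresses), and the list a reviewer would pick up for manual or alternative-tool testing.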

Scan retention policy

SD Elements does not keep a copy of scan results once they are imported. If project settings are changed after a scan result has been imported, that result will not be correlated with any newly added Countermeasures. We therefore suggest importing scan data only after you have finished modifying the project settings.
