Traditionally, security vulnerabilities get discovered after the bug bashing process within the application development lifecycle. This causes delays in releases and frustration with developers. Finding security vulnerabilities and fixing them with other non-security bugs during development and test benefits all parties within the organization. This can be done by integrations into bug tracking systems and other development/test tools via API.
Manage & Fix Security Vulnerabilities within Bug Bashing Process
Bug tracking integrations make it easier for development and project management teams to manage and fix security vulnerabilities in the same efficient process as other features or non-security related bugs. No decent application security specialist would recommend automatically placing unaudited findings in bug trackers. Fortify has innovative machine learning-assisted audit predictions and service-based false positive removal to further enhance your ability to automate the bug validation and submission process.
Supported bug tracking integrations include Bugzilla, JIRA, Application Lifecycle Management (ALM)/Quality Center/ Octane, Team Foundation Server (TFS) / Microsoft Visual Studio Team Services (VSTS), Fortify Bugtracker, Fortify WebInspect Enterprise and Unified Functional Testing.
Swaggerized APIs to Rule ‘em All
All Fortify solution APIs (on-premises or on-demand) leverage the Swagger framework to enable design and development of your own integrations with our security solutions while providing the rich, human-understandable documentation that makes quick delivery possible.
Fortify APIs provide a supportable way that you can build your own integrations to enable any workflow that your enterprise may be developing with. DevOps often means treating your infrastructure like code and with our rich endpoints, testing interface, and documentation you truly can.
To successfully secure software, we must make security ready, available, and easily consumable by the DevOps crowd. Fortify will continue to build integrations for necessary tools in the DevOps tool chain and empower you with the extensibility necessary to make the most effective integrations for your enterprise’s unique needs.
This post is part of Fortify Integrations series, starting with the main post, Integrations: Empowering Dev, Test & Ops with Security. Look for my next post coming soon: Make Sense of SAST and DAST.