Integrations: Secure Code as Developed & Secure Builds



Securing application source code as it is developed and integrating security into builds helps make security part of the development process and decreases overall

Secure Code as it is Developed (aka Shifting-Left)

Provide Immediate Security Feedback in your integrated development environment (IDE)

Fortify Security Assistant is a light-weight source code security analyzer that provides a spell-check-like experience to help developers identify and remove software vulnerabilities in real time as they type. Security Assistant integrates directly into Eclipse, enabling developers to create secure code the first time. (See Security Assistant in action on Fortify Unplugged)

Initiate Scans, View, Audit and Collaborate on Vulnerabilities at IDE

Fortify IDE plugins allow developers to initiate full security scans, retrieve vulnerability findings, audit those findings, and most importantly fix security issues within their native development environment. Consuming security results in the place where the root cause of a vulnerability is triaged and fixed is a powerful and efficient process (instead of the traditional dodge ball between dev and sec).

Integrated development environment (IDE) plugins give the flexibility to secure code within developer environments including Eclipse, IntelliJ IDEA, Android Studio, WebStorm, JDeveloper, and Microsoft Visual Studio.

Integrate Security into the Build

Build integrations enable automation of static source code scans as part of the build process, providing the most accurate scan of the actual source and dependencies that make up a targeted application. More advanced workflows are possible with build integration that can be configured to mark a build as unstable or failed based upon specified criteria of security results. These workflows are most easily achieved through continuous integration plugins like the Fortify Jenkins plugin.

Build server integrations cover popular build tools and CI servers including Ant, Gradle, Jenkins, Maven, MSBuild, XCodeBuild, Bamboo, Microsoft Team Foundation Server (TFS), Microsoft Visual Studio Team Services (VSTS), Hudson, TeamCity, and Travis CI. (Please check out the Jenkins integration on Fortify Unplugged.)
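The "unstable or failed based upon specified criteria" workflow above, written out as an added example of a build gate a CI job could call after the scan step. This is not Fortify's or the Jenkins plugin's own code; it assumes the scan results have already been post-processed into a constructed "Priority: count" summary file (the summary format, the `count_for`/`gate_build` names and the thresholds are assumptions), and maps the verdict to exit codes a CI job can act on.

```shell
#!/bin/sh
# Added example: turn a scan summary into a CI verdict.
# Exit 0 = pass, 1 = mark build unstable, 2 = fail the build.
# Assumed (constructed) input format, one line per priority, e.g.
#   Critical: 0
#   High: 3
# produced by post-processing the FPR written by a scan such as
#   sourceanalyzer -b <build-id> -scan -f results.fpr

# count_for <priority> <summary-file>: print the count for a priority (0 if absent)
count_for() {
    awk -v p="$1" -F': *' '$1 == p { n = $2 } END { print n + 0 }' "$2"
}

# gate_build <summary-file> [max_high]
# Any Critical issue fails the build; more than max_high High issues marks it unstable.
gate_build() {
    summary=$1
    max_high=${2:-0}
    critical=$(count_for Critical "$summary")
    high=$(count_for High "$summary")
    if [ "$critical" -gt 0 ]; then
        echo "FAILED: $critical Critical issue(s) found" >&2
        return 2
    fi
    if [ "$high" -gt "$max_high" ]; then
        echo "UNSTABLE: $high High issue(s) exceeds threshold of $max_high" >&2
        return 1
    fi
    echo "PASSED: Critical=$critical High=$high" >&2
    return 0
}

# Constructed sample summary so the script runs stand-alone
sample=$(mktemp)
printf 'Critical: 0\nHigh: 3\nMedium: 12\nLow: 40\n' > "$sample"
gate_build "$sample" 5 || echo "verdict exit code: $?" >&2
rm -f "$sample"
```

In a Jenkins job the same thresholds would normally live in the plugin's failure criteria rather than in a script; the script form only makes the pass/unstable/fail distinction explicit.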

This post is part of Fortify Integrations series. Look for my next post coming soon: Fix Security within Bug Bashing Process & APIs to Rule ‘em All.
