Securing application source code as it is developed and integrating security into builds helps make security part of the development process and decreases overall
Secure Code as it is Developed (aka Shifting-Left)
Provide Immediate Security Feedback in your integrated development environment (IDE)
Fortify Security Assistant is a lightweight source code security analyzer that provides a spell-check-like experience to help developers identify and remove software vulnerabilities in real time as they type. Security Assistant integrates directly into Eclipse, enabling developers to write secure code the first time. (See Security Assistant in action on Fortify Unplugged.)
Initiate Scans, View, Audit and Collaborate on Vulnerabilities in the IDE
Fortify IDE plugins allow developers to initiate full security scans, retrieve vulnerability findings, audit those findings, and, most importantly, fix security issues within their native development environment. Consuming security results in the same place where the root causes of vulnerabilities are triaged and fixed is a powerful and efficient process, instead of the traditional dodgeball between dev and sec.
Integrated development environment (IDE) plugins give developers the flexibility to secure code within their own environments, including Eclipse, IntelliJ IDEA, Android Studio, WebStorm, JDeveloper, and Microsoft Visual Studio.
Integrate Security into the Build
Build integrations enable automation of static source code scans as part of the build process, providing the most accurate scan of the actual source and dependencies that make up a targeted application. More advanced workflows are possible with build integration, which can be configured to mark a build as unstable or failed based on specified criteria applied to the security results. These workflows are most easily achieved through continuous integration plugins such as the Fortify Jenkins plugin.
Build server integrations include popular build tools such as Ant, Gradle, Jenkins, Maven, MSBuild, XCodeBuild, Bamboo, Microsoft Team Foundation Server (TFS), Microsoft Visual Studio Team Services (VSTS), Hudson, TeamCity, and Travis CI. (See the Jenkins integration on Fortify Unplugged.)
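The build-gating workflow described above, as an added example that is not Fortify's own code and does not use its result format: a small gate script that a CI job can run after a scan. It assumes a JSON export of findings with `id` and `severity` fields (an assumption, not Fortify's schema), a list of already-audited finding ids to suppress, and Jenkins-style verdicts SUCCESS / UNSTABLE / FAILURE, which the job translates into an exit code.

```python
"""Build gate: turn static-analysis findings into a CI verdict.

Added example, not Fortify's code. The export format below is an
assumption: a JSON list of objects with "id", "category", "severity",
"file" and "line" keys.
"""
import json
import sys
from collections import Counter

# Constructed sample export for offline use; the field names are assumed.
SAMPLE_FINDINGS = json.dumps([
    {"id": "1", "category": "SQL Injection", "severity": "Critical",
     "file": "UserDao.java", "line": 42},
    {"id": "2", "category": "Cross-Site Scripting", "severity": "High",
     "file": "Search.jsp", "line": 17},
    {"id": "3", "category": "Unreleased Resource", "severity": "Medium",
     "file": "Report.java", "line": 88},
    {"id": "4", "category": "Dead Code", "severity": "Low",
     "file": "Util.java", "line": 5},
])

# Ordering used to compare a finding against the configured thresholds.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}


def count_by_severity(findings):
    """Number of findings per severity label (unknown labels count as Low)."""
    return Counter(f.get("severity", "Low") for f in findings)


def new_findings(current, baseline_ids):
    """Findings whose id is not in the previously audited baseline.

    Gating only on new issues is the usual way to roll a scanner out on
    a code base that already carries a known backlog.
    """
    known = set(baseline_ids)
    return [f for f in current if f.get("id") not in known]


def verdict(findings, fail_at="High", unstable_at="Medium", suppressed=()):
    """Return (verdict, counts) for a set of findings.

    FAILURE  if any live finding is at or above `fail_at`,
    UNSTABLE if any live finding is at or above `unstable_at`,
    SUCCESS  otherwise. Ids in `suppressed` (audited false positives or
    accepted risks) are ignored.
    """
    live = new_findings(findings, suppressed)
    counts = count_by_severity(live)
    worst = max((SEVERITY_RANK.get(s, 0) for s in counts), default=0)
    if worst >= SEVERITY_RANK[fail_at]:
        return "FAILURE", counts
    if worst >= SEVERITY_RANK[unstable_at]:
        return "UNSTABLE", counts
    return "SUCCESS", counts


def main(argv):
    """Usage: gate.py [findings.json] [suppressed-id ...]"""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            findings = json.load(fh)
    else:
        findings = json.loads(SAMPLE_FINDINGS)
    result, counts = verdict(findings, suppressed=argv[2:])
    print(result, dict(counts))
    # A non-zero exit fails the job; an UNSTABLE verdict is left to the
    # CI plugin (or a wrapper step) to surface without failing the build.
    return 1 if result == "FAILURE" else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments to see the sample data gate as FAILURE; pass suppressed ids after the file name to model an audited backlog. The thresholds are deliberately separate so a team can start with a lenient `fail_at` and tighten it as the backlog is worked down.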
This post is part of the Fortify Integrations series. Look for my next post coming soon: Fix Security within the Bug Bashing Process & APIs to Rule ’em All.