Develop, Test, Release

Shift Left with Confidence

Saltworks Security can help your organization shift security left and make it a fundamental and ingrained component of your DevSecOps processes. We offer a variety of services designed to help you bake security in, not brush it on after coding has already been completed.

Static Scanning Integration

Static scanning tests the code itself for vulnerabilities. Saltworks Security can integrate static scanning of your applications into your DevOps processes by testing your code for vulnerabilities at all points of production, creating integrated processes, and communicating mitigation information and results.

Dynamic Scanning Integration

Dynamic scanning involves testing the running application for security vulnerabilities. Saltworks Security can integrate dynamic scanning into your DevOps processes by conducting scans on a regularly scheduled basis, managing repositories, and communicating results at both the developer (mitigation) and executive levels.

Open Source Scanning Integration

While greatly aiding development practices, ‘off-the-shelf’ open source components cannot be trusted to be secure. Open source scanning, or Software Component Analysis (SCA), can thoroughly test open source components for security vulnerabilities before they are added to any code base, and then periodically re-inspect them to make sure no new vulnerabilities have been introduced.

Secure Release Management

Releasing secure applications requires planning and coordination. Saltworks Security can manage all aspects of releasing a secure application, including post-deployment necessities like:

  • Building a security help desk (Developer to Security service request tracking)
  • Go/No-Go ‘stage gate’ automation (DevOps Release)
  • Executive Metrics (reporting to show which teams are in compliance with policy and viewing vulnerability statistics)

Solutions

Static Analysis

Saltworks Security application security professionals leverage static analysis tools that check code for security vulnerabilities, including offerings from multiple vendors. All are industry-leading solutions designed to find and mitigate security vulnerabilities before applications are released.

Dynamic Analysis

Saltworks Security application security professionals employ dynamic analysis tools that check running applications for security vulnerabilities during both development and deployment. Saltworks Security provides the expert analysis and tool optimization that ensure results are accurate and complete.

Open Source Analysis

While open source components have revolutionized development practices, their security can still be suspect. Saltworks Security manages open source risk across the entire development life cycle.

Penetration Testing 

Are your applications subjected to the same real-world attacks malicious actors employ? Organizations can reap security benefits by moving pentesting into the development cycle. Saltworks Security leverages the Cobalt pentesting platform to build serious hacker-like testing into development life cycles and ensure applications are ready to withstand real-world attacks.
