Develop, Test, Release
Static Scanning Integration
Static scanning tests the source code itself for vulnerabilities. Saltworks Security can integrate static scanning of your applications into your DevOps processes by testing your code for vulnerabilities at every stage of the delivery pipeline, creating integrated processes, and communicating mitigation information and results.
Dynamic Scanning Integration
Dynamic scanning tests the running application for security vulnerabilities. Saltworks Security can integrate dynamic scanning into your DevOps processes by conducting scans on a regular schedule, managing repositories, and communicating results at both the developer (mitigation) and executive levels.
Open Source Scanning Integration
While greatly aiding development practices, ‘off the shelf’ open source components cannot be assumed to be secure. Open Source scanning, or Software Component Analysis (SCA), can thoroughly test open source components for security vulnerabilities before they are added to any code base, and then periodically re-inspect them to make sure no newly disclosed vulnerabilities affect them.
Secure Release Management
Releasing secure applications requires planning and coordination. Saltworks Security can manage all aspects of releasing a secure application, including post-deployment necessities such as:
- Building a security help desk (developer-to-security service request tracking)
- Go/No-Go ‘stage gate’ automation (DevOps release)
- Executive metrics (reporting that shows which teams are in compliance with policy, with vulnerability statistics)
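The following is an added illustration of how the pieces above fit together in a pipeline, not code from Saltworks Security or from any particular scanner. It takes normalised SAST, DAST and SCA findings (the `Finding` shape, the severity scale, the policy thresholds and the sample data are all constructed for this example), applies a Go/No-Go policy, flags stale SCA results that need re-inspection, and produces the per-team compliance counts an executive report would draw on.

```python
"""Go/No-Go stage gate over merged scanner findings (added example, hypothetical shapes)."""
from dataclasses import dataclass
from datetime import date

# Hypothetical severity ordering; real scanners each use their own scale.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    """One normalised result from a SAST, DAST or SCA scanner (constructed shape)."""
    source: str      # "sast", "dast" or "sca"
    team: str        # owning development team
    location: str    # file, URL or package the finding refers to
    severity: str    # key of SEVERITY_RANK
    found_on: date   # when the scanner first reported it


@dataclass(frozen=True)
class GatePolicy:
    """Release policy the gate enforces (hypothetical default values)."""
    block_at: str = "high"   # this severity or worse blocks the release outright
    max_age_days: int = 30   # medium findings left open longer than this also block
    rescan_days: int = 7     # a scan older than this is stale and must be re-run


def is_blocking(f: Finding, policy: GatePolicy, today: date) -> bool:
    """A finding blocks release if it is severe enough, or has been ignored too long."""
    rank = SEVERITY_RANK[f.severity]
    if rank >= SEVERITY_RANK[policy.block_at]:
        return True
    too_old = (today - f.found_on).days > policy.max_age_days
    return too_old and rank >= SEVERITY_RANK["medium"]


def evaluate_gate(findings, last_scan, policy, today):
    """Return (go, reasons, compliance).

    last_scan maps scanner type -> date of its most recent run. A missing or stale
    scan is itself a No-Go, so a clean-looking build cannot pass because SCA never ran.
    compliance maps team -> {"open": n, "blocking": n} for executive reporting.
    """
    reasons = []
    for source in ("sast", "dast", "sca"):
        ran = last_scan.get(source)
        if ran is None or (today - ran).days > policy.rescan_days:
            reasons.append(f"{source} scan missing or older than {policy.rescan_days} days")

    blockers = {f for f in findings if is_blocking(f, policy, today)}
    for f in findings:
        if f in blockers:
            reasons.append(f"{f.source}/{f.severity} at {f.location} (team {f.team})")

    compliance = {}
    for f in findings:
        counts = compliance.setdefault(f.team, {"open": 0, "blocking": 0})
        counts["open"] += 1
        if f in blockers:
            counts["blocking"] += 1
    return (not reasons, reasons, compliance)


# Constructed sample data: one release candidate with results from all three scanners.
TODAY = date(2024, 6, 1)
SAMPLE_FINDINGS = [
    Finding("sast", "payments", "src/checkout.py:42", "critical", date(2024, 5, 30)),
    Finding("dast", "payments", "https://staging.example/login", "low", date(2024, 5, 29)),
    Finding("sca", "catalog", "lodash@4.17.20", "medium", date(2024, 4, 1)),
    Finding("sast", "catalog", "src/search.py:10", "low", date(2024, 1, 1)),
]
SAMPLE_LAST_SCAN = {
    "sast": date(2024, 5, 31),
    "dast": date(2024, 5, 29),
    "sca": date(2024, 4, 1),   # two months old: components need re-inspection
}


def run_sample():
    return evaluate_gate(SAMPLE_FINDINGS, SAMPLE_LAST_SCAN, GatePolicy(), TODAY)


if __name__ == "__main__":
    go, reasons, compliance = run_sample()
    print("GO" if go else "NO-GO")
    for r in reasons:
        print(" -", r)
    for team, counts in compliance.items():
        print(f"{team}: {counts['open']} open, {counts['blocking']} blocking")
```

On the sample data the gate returns No-Go for three reasons: the SCA scan is stale, the critical SAST finding blocks outright, and the medium SCA finding has been open beyond the policy window. The old low-severity finding is reported in the team's open count but does not block, which is the distinction between a mitigation backlog and a release blocker.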