
Integration with Jira and GitHub: a unified view of vulnerabilities

The development process shows how important it is to have this kind of service, along with integration tooling, so that work can flow in the most secure way.

It is no different when we want our clients to follow the most secure development process, and one concern is the integration work involved and the volume of information these tools generate.

A lot of data, many tools

One problem is that the development process generates a lot of data that must be analyzed and acted on. That data is essential if the process is to deliver secure code.

Development environments already contain numerous tools, and when we present our process it is common to meet some resistance; after all, it means yet another tool inserted into the workflow.

Centralizing information is one of our concerns, and whether a team is new to this or already uses other tools, we always introduce AppSec Flow.

Centralizing information

With our service, all information from the development process is centralized in one platform, so that teams receive all their data in a structured form.

Having many tools involved in a development process makes adopting yet another one even more challenging.

Jira is a good example: it is one of the most widely used platforms for issue tracking.

Development teams often use Jira as a vulnerability management platform, even though it was not built for that purpose.

It has nevertheless gained many supporters who use it to control the process of fixing their vulnerabilities. Relying on it alone, though, the team loses a number of views of its vulnerabilities.

For those who still want to keep their Jira workflow, AppSec Flow integrates the two platforms, creating a truly suitable environment for vulnerability remediation.

In this way we can ensure that the secure development process runs seamlessly, using information centralization tools to enable a more unified view.

Version control and code review

It is also important to ensure that each new version starts a new code review process.

What we usually find is that when a new version of the code appears, the team makes an ad hoc arrangement for a code review.

However, that review relies on the team's own tracking of its releases and of which new validations and fixes should be made.

In many cases there is no structured process for tracking which new versions need review, or even which vulnerabilities have already been fixed.

This ultimately leaves the development environment with very poor control over patches.

Repository integration

With this in mind, we integrated the most popular code repositories on the market, such as GitHub and Bitbucket, so that as soon as a new commit is made, a new code review process is started.

Being able to centralize information and take part in an automated step within the development process allows AppSec Flow to help development teams and their managers gain insight into the vulnerabilities that have been identified and are being fixed.

And if all vulnerabilities are centralized on one platform, the knowledge gained over time from the solutions applied is retained and passed on to new team members.

Every process in one platform

But even with an automated process in place, some teams still prefer to keep their own ticket management platform, such as Jira.

To support this, as we have said, the integration with Jira-like platforms works in two ways, allowing a vulnerability in AppSec Flow to be sent to and tracked on the other platform.

What we try to deliver through AppSec Flow is not just a product or a service; it is the possibility of helping development teams keep their process the way we think is best.

We deliver a flexible platform that will help build a structured process that is consistent with best practices.

Understanding that the process can be built on platforms that assist in better visualization brings peace of mind to teams and managers.

We want to be part of building that process and structuring it to help keep code secure in all its aspects.

About author
Over 15 years of experience in Information Security and Applications; graduated in Data Processing, worked as a professor and participated actively as an instructor in training for more than 6,000 developers and IT teams. Father of two daughters and a trader in his free time.