Note: See Supported ALM Integrations for a list of ALM tools that can be integrated with SD Elements.
Application Lifecycle Management (ALM) tools help development team stakeholders communicate and keep track of development work such as features, defects, and test cases. Integrating SD Elements and your ALM tool allows your development team to track and update the status of security tasks using the ALM environment they are already familiar with.
After using SD Elements to understand the risk posture of an application, you can export all tasks or a subset of tasks from your SD Elements project to your ALM project, where the tasks appear as work items such as tickets, features or stories. When users "close" or otherwise resolve the work item in the ALM project, the status of the corresponding task in SD Elements is changed to "DONE" when the two tools are synchronized.
You can select how frequently the ALM project is synchronized with SD Elements. The more frequent the synchronization, the more accurate the SD Element task statuses will be at any given time; however, be aware that the overhead on the ALM and SD Elements servers is also increased with frequent synchronization. Note that synchronization occurs as a scheduled “batch process”.
The following process is used to synchronize data between SD Elements and the ALM project:
- SD Elements looks for each individual SD Elements task within the connected ALM project. By default, SD Elements finds the matching ALM work item by searching the titles in the ALM project. For this reason, it is important not to change the ALM work item titles.
- For each SD Elements task:
- If SD Elements does not find the task in the ALM project, a new ALM work item is created with the same title as the task. SD Elements changes the ALM work item’s status, if possible and applicable, to match the task status in SD Elements.
- If SD Elements finds the task in the ALM project, SD Elements checks the status of the work item in the ALM project and compares it to the status of the corresponding task within SD Elements. If they do not match, SD Elements is updated to reflect the status of the ALM project. For example, if a JIRA ticket is marked as "Fixed", then the corresponding SD Elements task is marked as "DONE". Note that you can configure synchronization in the reverse order, so that updates in SD Elements are reflected in the ALM project.
ALM Use Cases
There are two main use cases for ALM integration:
Integrate one SD Elements project with one ALM project
The most common and straightforward use case is to integrate an ALM project with a single SD Elements project. In this scenario, the SD Elements and ALM projects are integrated and synchronized using one of the standard ALM integration methods.
Integrate multiple SD Elements projects with one ALM project
Another common use case is to integrate an ALM project with two or more SD Elements projects. In this scenario, custom lookup fields are used to assign unique identifiers to the SD Elements tasks in order to identify the tasks in the ALM project (instead of identifying tasks by title). This ensures tasks are synchronized accurately, even if multiple tasks have the same title.
ALM Integration Methods
There are two methods of using ALM integration, depending on your network setup.
Integration Within SD Elements
If the SD Elements server can communicate directly with the ALM server (e.g. they are both on the same internal network or both are Software As A Service [SAAS] deployments), then you can use the normal integration process inside of the SD Elements application.
Remote Integration Client
If the SD Elements and ALM servers cannot communicate directly (e.g. SD Elements is accessed via the Internet and the ALM tool is located on the internal network), use the Remote Integration Client. The Remote Integration Client is an application and must be installed on a server or client machine that can communicate with both SD Elements and the ALM tool. For more information, see Remote Onsite Integration With A SaaS Instance.
In both scenarios, integration setup involves two steps:
- (Must be done by an administrator) Set up a system-level connection for the ALM tool. This connection allows you to store detailed configuration information for a particular ALM tool, such as JIRA, and reuse this information each time you connect a project to the ALM tool.
- Set up a project-level connection for the ALM tool. This connection links a specific SD Elements project (or multiple projects) with an ALM tool.