Background: Understand: Security Tool Integrations
Permission required: Project Roles->Integration->Verify Task
SD Elements allows you to import static and dynamic testing results from several tools, including AppScan (Enterprise and Standard), Fortify, Veracode, WebInspect and WhiteHat. Reports can be imported either by uploading an exported file or by setting up a web service connection with the tool.
The Security Tools integration page lists:
- previous file imports
- security tool web service connections
We support importing report files from AppScan (Enterprise or Standard), Fortify, Veracode and WebInspect.
Users can import a new report file by clicking the Add Report button, selecting the tool from the dropdown, and uploading the file.
Web Service Import
Since version 2.39, we support importing reports using the web services provided by Fortify and WhiteHat.
Users can add a new web service connection by clicking the Add Report button, selecting the tool from the dropdown, selecting Remote Connection, and then selecting a parent connection.
If your tool is not shown as an option or the Remote Connection option is unavailable, please contact your administrator to configure a connection using the System->Integration menu.
Based on the security tool you select, you have different options. The table below describes the different options for each supported security tool.
Once you have saved a web service connection, you'll be able to import results from the connection using the "Import" button available on the main Security Tools page.
SD Elements supports the use of multiple verification tools as well as manual verification. When you integrate with a security scanning tool, you have three options on how to process the results. These are discussed here: Understand Working with Multiple Verification Tools
SD Elements also provides options on how to interpret the scanning tool results; these are discussed here: Understand Working with Verification Tool Results
NOTE: SD Elements does not keep a copy of scan results once imported. If you change project settings after importing a scan result, scan results will not correlate to any newly added tasks. As a result, we suggest that you only import scan data after you have completed modifying the project settings.