Project: Integrations: Security Tools

Background: Understand: Security Tool Integrations

Permission required: Project Roles->Integration->Verify Task

SD Elements allows you to import static and dynamic testing results from several tools, including AppScan (Enterprise and Standard), Fortify, Veracode, WebInspect and WhiteHat. Reports can be imported either by uploading a file exported from the tool or by setting up a web service connection with the tool.

The Security Tools integration page lists:

  • previous file imports
  • security tool web service connections

File Import

We support importing report files from AppScan (Enterprise or Standard), Fortify, Veracode and WebInspect.

Users can import a new report file by clicking the Add Report button, selecting the tool from the dropdown, and uploading the file.

Web Service Import

Since version 2.39, we support importing reports using the web services provided by Fortify and WhiteHat.

Users can add a new web service connection by clicking the Add Report button, selecting the tool from the dropdown, selecting Remote Connection, and then selecting a parent connection.

If your tool is not shown as an option or the Remote Connection option is unavailable, please contact your administrator to configure a connection using the System->Integration menu.

Specific Configuration

The available options depend on the security tool you select. The table below describes the options for each supported security tool.

Fortify
  • Project Name
  • Project Version
WhiteHat
  • Asset Type ("site" or "application")
  • Asset Name
  • Asset ID (optional)

Once you have saved a web service connection, you'll be able to import results from the connection using the "Import" button available on the main Security Tools page.

Common Options

SD Elements supports the use of multiple verification tools as well as manual verification. When you integrate with a security scanning tool, you have three options for how to process the results. These are discussed here: Understand Working with Multiple Verification Tools

SD Elements also provides options for how to interpret the scanning tool results. These are discussed here: Understand Working with Verification Tool Results

NOTE: SD Elements does not keep a copy of scan results once imported. If you change project settings after importing a scan result, scan results will not correlate to any newly added tasks. As a result, we suggest that you only import scan data after you have completed modifying the project settings.
