Project security tool integration

Mark the verification status of project tasks using weakness and vulnerability information from the output of scanner tools. With this information, project teams can identify which requirements need further testing by other tools or manually by a testing team. SD Elements projects can integrate with scanning tools in two ways:

  • File upload: Upload a scanning report file containing vulnerability and weakness details from a supported tool.

  • Remote download: Configure a connection to import scan results from a supported tool on a regular basis.

Import results from a scanning report

Import scanning results from a security tool by following the steps below.

Prerequisites:
  1. Report file from a supported scanning tool.

  2. The project setting Project Settings→Development/Test Tools→Development Tools→Uses static or dynamic security code analysis is set in the project survey.

  3. The user is a member of the project.

  4. The user has the following permissions:

    • Project Roles→Tasks→Verify tasks

    • Project Roles→Tasks→Write notes on tasks

    • Project Roles→Tasks→Change task status

Steps
  1. Select a project, then select Integration.

  2. Select the Security Tools Integration tab.

  3. Click Add Report.

  4. Select the scanning tool from the dropdown list.

  5. Select File Upload.

  6. Click Choose File and select the scan report file.

  7. Enter the required information:

  8. Click Import.

Integration is initiated immediately with the weakness information from the selected file. After completion, any applicable project tasks are updated with a new verification status. Project tasks without an update must be verified manually or possibly with a different tool.

Add/Edit a project security tool connection

Create or update an existing project security tool connection by following the steps below.

Prerequisites:
  1. The user is a member of the project.

  2. The project setting Project Settings→Development/Test Tools→Development Tools→Uses static or dynamic security code analysis is set in the project survey.

  3. The user has the following permissions:

    • Project Roles→Tasks→Verify tasks

    • Project Roles→Tasks→Write notes on tasks

    • Project Roles→Tasks→Change task status

Steps
  1. Select a project, then select Integration.

  2. Select the Security Tools Integration tab.

  3. Click Add Report.

  4. Select the scanning tool from the dropdown list.

  5. Select Remote Connection.

    • If this option does not exist, contact your administrator to create a connector for this tool.

  6. Select an existing connector in the Parent dropdown list.

  7. Enter the required information:

    • Parent: Select the system integration connection for the ALM tool, such as JIRA and CA Agile Central.

      • If you do not see the appropriate system connector in the Parent list, contact your administrator to request a new system connector.

    • Behaviour: See Support for multiple verification tools for more information about this option.

    • When verification status is…​: See Working with verification tool results for more information about this option.

    • Additional configuration fields appear.

      • Refer to the scanning tool’s configuration guidance for more details.

      • Enter the correct values for these fields instead of relying on the default values, to ensure the integration is successful.

  8. Click Import.

The connection is ready to import scan results from the remote tool.

Initiate a manual import of the connection to validate its configuration.

Delete a project security tool connection

To delete a project security tool connection, follow the steps below.

Prerequisites:
  1. The user has permission Project Roles→Tasks→Verify tasks.

Steps
  1. Open the project task list page.

  2. Select Integration.

  3. Select the Security Tools Integration tab.

  4. Click the connection name.

  5. Click Delete Connection at the top of the page.

The connection is removed from the project and no future import operations will occur. The verification details imported previously are not affected by this deletion.

Import scanning results from a connection

Users can import results from a scanning tool after creating a project connection to the scanning tool. Follow the steps below to import the vulnerability and weakness data into the SD Elements project.

Prerequisites:
  1. The user has the permission Project Roles→Tasks→Verify tasks.

Steps
  1. Open the project’s list of Security Tool connections.

  2. Search for the desired connection from the list.

  3. Click the connection’s Import button.

The import process is initiated. It may take a few minutes or more, depending on the size of the scanning tool’s report and the latency between SD Elements and the other server.

During import, the integration updates applicable project tasks with a new verification status, depending on the report’s weakness/vulnerability information.

Project connection status

A project’s ALM integrations page shows the synchronization status of each connection. The status of an integration will be shown in the "Progress" column, having one of four values:

  1. Not Run: The integration has not yet run.

  2. Working: The integration is underway.

  3. Failed: An error occurred during synchronization.

    • Hover over the "Failed" status to view further details.

    • Check that the user has sufficient permission and any required fields are set for a new ALM issue.

  4. Success: The integration was successful. Check the project tasks for an updated verification status.
