Team Reviewer provides effective vulnerability discovery, management and tracking by continuously identifying threats, monitoring changes in your network, discovering and mapping all your devices and software (including new, unauthorized and forgotten ones), and reviewing the configuration details of each asset.
...
On the left-hand side the ASVS score is displayed together with the desired score, the percentage of benchmarks that must pass to achieve that score and the total number of enabled benchmarks for that ASVS level.
Reports
Static Server Plugin
Reports from the Static Server Plugin for Team Reviewer can be generated in Word, Excel, XML, HTML, AsciiDoc and PDF.
...
Reports can be generated for:
Groups of Products
Individual Products
Endpoints
Product Types
Custom Reports
...
Filtering is available on all Report Generation views to aid in focusing the report for the appropriate need.
Custom reports allow you to select specific components to be added to the report. These include:
Cover Page
Table of Contents
WYSIWYG Content
Findings List
Endpoint List
Page Breaks
The custom report workflow takes advantage of the same asynchronous process described above.
Notifications
Team Reviewer can inform you of different events in a variety of ways. You can be notified about things like an upcoming engagement, when someone mentions you in a comment, a scheduled report has finished generating, and more.
The following notification methods currently exist:
Email
Slack
HipChat
WebHook
Alerts within Team Reviewer
...
You can set these notifications on a system scope (if you have administrator rights) or on a personal scope. For instance, an administrator might want notifications of all upcoming engagements sent to a certain Slack channel, whereas an individual user wants email notifications to be sent to the user’s specified email address when a report has finished generating.
To identify and notify you about events such as upcoming engagements, Team Reviewer runs scheduled tasks.
Attached Documents
Products, Engagements and Tests allow you to attach one or more documents, such as requirements documents, project documents, evidence, certifications, risk acceptances and any other related documents you need.
Accepted formats are PDF, Word, Excel and image files.
Security Reviewer’s Security, Deadcode-Best Practices, Resilience and SQALE reports are uploaded to Team Reviewer as Engagement Attached Documents using the REST API.
Results Correlation
Team Reviewer can import and correlate results from the following tools:
Static Reviewer, Security Reviewer Software Composition Analysis (SCA), Security Reviewer Software Resilience Analysis (SRA), Mobile Reviewer and Dynamic Reviewer XML or CSV
HCL AppScan Source ed. and Standard ed. detailed XML Report
Micro Focus Fortify SCA and WebInspect FPR
CA Veracode Detailed XML Report
Checkmarx Detailed XML Report
Rapid7 AppSpider Vulnerabilities Summary XML Report and Nexpose XML 2.0
Acunetix
Anchore
AQUA
Arachni Scanner JSON Report
AWS Prowler and Scout2
Bandit
Synopsys BlackDuck
Brakeman
BugCrowd
Contrast
ESLint
GitLab SAST
GitLeaks
GOast
GOSec
HadoLink
HuskyCI
ImmuniWeb
JFrog XRay
Kiuwan
Burp Suite XML
Nessus (CSV, XML)
NetSparker
Nexpose
NPMAudit
OpenSCAP
OpenVAS
PHP Symfony Security Check
Nmap (XML), SQLMap, NoSQLMap (text output)
OWASP ZAP XML and Dependency Check XML
Retire.js JavaScript Scan JSON
Node Security Platform JSON
Qualys XML
SonarQube
Sonatype Nexus
SourceClear
SSLScan
SSLyze
Snyk JSON
Trivy
Trustwave
PyJFuzz
WhiteSource
WpScan
Generic Findings in CSV format
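Correlating results from several tools means normalizing each tool's output into one finding schema and then grouping findings that describe the same weakness at the same place. The following Python example is added here to illustrate that idea; it is not Team Reviewer's own code. It assumes a Generic Findings CSV with the columns Title, CweId, Url and Severity, and a ZAP-style XML report with alertitem, riskcode, cweid and instance/uri elements; both inputs are constructed samples embedded in the block.

```python
import csv
import io
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Severity order used when tools disagree; the highest rank wins.
SEVERITY_RANK = {"Info": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}
ZAP_RISKCODE = {"0": "Info", "1": "Low", "2": "Medium", "3": "High"}


@dataclass
class Finding:
    tool: str
    title: str
    severity: str
    cwe: int
    location: str


def normalize_location(url: str) -> str:
    """Reduce a URL to scheme://host/path so the same page reported with
    different query strings by different scanners lines up."""
    parts = urlsplit(url.strip())
    return f"{parts.scheme}://{parts.netloc}{parts.path or '/'}".lower()


def parse_generic_csv(text: str) -> list:
    """Generic findings CSV; column names are an assumption of this example."""
    return [Finding("generic", row["Title"].strip(), row["Severity"].strip(),
                    int(row["CweId"] or 0), row["Url"].strip())
            for row in csv.DictReader(io.StringIO(text))]


def parse_zap_xml(text: str) -> list:
    """ZAP-style XML report: one Finding per alert instance."""
    out = []
    for item in ET.fromstring(text).iter("alertitem"):
        title = item.findtext("alert", "").strip()
        sev = ZAP_RISKCODE.get(item.findtext("riskcode", "0"), "Info")
        cwe = int(item.findtext("cweid", "0") or 0)
        for inst in item.iter("instance"):
            out.append(Finding("zap", title, sev, cwe, inst.findtext("uri", "")))
    return out


@dataclass
class Correlated:
    cwe: int
    location: str
    severity: str
    tools: set = field(default_factory=set)
    titles: set = field(default_factory=set)


def correlate(findings: list) -> list:
    """Group findings with the same CWE at the same normalized location,
    whichever tool reported them; keep the highest severity seen."""
    groups = {}
    for f in findings:
        key = (f.cwe, normalize_location(f.location))
        g = groups.setdefault(key, Correlated(f.cwe, key[1], f.severity))
        if SEVERITY_RANK.get(f.severity, 0) > SEVERITY_RANK.get(g.severity, 0):
            g.severity = f.severity
        g.tools.add(f.tool)
        g.titles.add(f.title)
    # Highest severity first, then findings confirmed by more tools.
    return sorted(groups.values(),
                  key=lambda g: (-SEVERITY_RANK[g.severity], -len(g.tools), g.location))


# Constructed sample inputs (not real scan output).
SAMPLE_CSV = """Title,CweId,Url,Severity
Reflected XSS in search,79,http://app.example/search?q=1,High
SQL injection in login form,89,http://app.example/login,Critical
"""

SAMPLE_ZAP = """<OWASPZAPReport><site name="http://app.example"><alerts>
<alertitem><alert>Cross Site Scripting (Reflected)</alert><riskcode>3</riskcode><cweid>79</cweid>
<instances><instance><uri>http://app.example/search?q=test</uri></instance></instances></alertitem>
<alertitem><alert>X-Content-Type-Options Header Missing</alert><riskcode>1</riskcode><cweid>16</cweid>
<instances><instance><uri>http://app.example/</uri></instance></instances></alertitem>
</alerts></site></OWASPZAPReport>"""


def run_sample() -> list:
    return correlate(parse_generic_csv(SAMPLE_CSV) + parse_zap_xml(SAMPLE_ZAP))


if __name__ == "__main__":
    for g in run_sample():
        print(g.severity, g.cwe, g.location, sorted(g.tools), sorted(g.titles))
```

The correlation key (CWE plus normalized location) is deliberately coarse: two scanners rarely agree on titles, but they usually agree on the CWE and the affected URL, so a finding reported by more than one tool surfaces as one item with a tools set of size two rather than as two separate entries to triage.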
Team Reviewer can export correlated results to the following tools:
SonarQube
Micro Focus Fortify SSC
Kenna Security
ThreadFix
ServiceNow
See our EcoSystem.
Team Reviewer can access Firmware Reviewer using Single Sign On (purchased separately); with it you can run Static Analyses over a source code folder and Software Composition Analyses directly from Team Reviewer.
You can do:
Static Analyses
Software Composition Analyses
Mark False Positives
Enable/Disable and change Severity of existing Vulnerability Detection Rules
Add Custom Rules
Declare Recurrent False Positives by Evidence
You start source code inspections by clicking Static Analysis in the main Dashboard:
...
The Static Analysis features are the same as those of Static Reviewer Desktop, but centralized and accessible from any browser:
...
You can mark False Positives in bulk using our smart interface:
...
You can Enable/Disable and change Severity of existing Vulnerability Detection Rules (authorized users only):
...
You can create your Custom Rules (authorized users only):
...
You can declare Recurring False Positives by Evidence (authorized users only):
...
Reports
Team Reviewer stores reports generated with:
Static Reviewer Desktop
Static Reviewer CI/CD plugins for Jenkins and GitLab
SCA Reviewer Desktop
SCA Reviewer CI/CD plugins for Jenkins and GitLab
Dynamic Reviewer
Mobile Reviewer
...
Further, you can create your own custom reports by using Team Reviewer Report Generator.
Team Reviewer custom reports can be generated in Word, Excel, XML, HTML and AsciiDoc. If you need different formats, open the Word report and choose Save As…
...
Authentication via LDAP/AD
LDAP (Lightweight Directory Access Protocol) is an Internet protocol that web applications can use to look up information about users and groups from an LDAP server. You can connect Team Reviewer to an LDAP directory for authentication and for user and group management. Connecting to an LDAP directory server is useful if user groups are stored in a corporate directory. Synchronization with LDAP allows the automatic creation, update and deletion of users and groups in Team Reviewer according to any changes made in the LDAP directory.
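The synchronization described above is, at its core, a reconciliation between the directory's view of users and the application's: accounts present in the directory but not in the application are created, changed attributes or group memberships are updated, and accounts that have been disabled or removed from the directory are deactivated so that no orphaned access remains. The Python example below is added to show that reconciliation step; it is not Team Reviewer's synchronization code. It assumes an Active Directory style export with sAMAccountName, mail, memberOf and userAccountControl attributes (the ACCOUNTDISABLE bit of userAccountControl is 0x2), parsed from a constructed LDIF snippet rather than fetched over the wire, and a constructed snapshot of the application's current users.

```python
import re
from dataclasses import dataclass

ACCOUNTDISABLE = 0x2  # userAccountControl bit set on disabled AD accounts


@dataclass(frozen=True)
class DirectoryUser:
    uid: str          # sAMAccountName, lower-cased
    email: str
    groups: frozenset  # group CNs, lower-cased
    enabled: bool


def cn_of(dn: str) -> str:
    """Return the CN component of a distinguished name, lower-cased."""
    m = re.match(r"cn=([^,]+)", dn, re.I)
    return m.group(1).lower() if m else dn.lower()


def parse_ldif(text: str) -> dict:
    """Parse a minimal LDIF dump into {uid: DirectoryUser}. Only the
    attributes the sync needs are read; entries without sAMAccountName
    (e.g. group objects) are skipped."""
    users = {}
    for entry in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in entry.splitlines():
            if ":" not in line:
                continue
            k, v = line.split(":", 1)
            attrs.setdefault(k.strip().lower(), []).append(v.strip())
        if "samaccountname" not in attrs:
            continue
        uac = int(attrs.get("useraccountcontrol", ["0"])[0])
        user = DirectoryUser(
            uid=attrs["samaccountname"][0].lower(),
            email=attrs.get("mail", [""])[0].lower(),
            groups=frozenset(cn_of(dn) for dn in attrs.get("memberof", [])),
            enabled=not (uac & ACCOUNTDISABLE),
        )
        users[user.uid] = user
    return users


@dataclass
class SyncPlan:
    create: list      # DirectoryUser objects to create in the app
    update: list      # DirectoryUser objects whose app record is stale
    deactivate: list  # uids to deactivate in the app


def plan_sync(directory: dict, app_users: dict) -> SyncPlan:
    """Compare the directory with the app's user table and return the
    changes needed to make the app match the directory."""
    create = [u for uid, u in directory.items()
              if uid not in app_users and u.enabled]
    update = [u for uid, u in directory.items()
              if uid in app_users and u.enabled and app_users[uid] != u]
    # Anyone missing from the directory, or disabled there, loses access.
    deactivate = sorted(uid for uid, u in app_users.items()
                        if u.enabled and (uid not in directory or not directory[uid].enabled))
    return SyncPlan(create, update, deactivate)


# Constructed LDIF sample (not a real directory export). bob is disabled (512 | 2).
SAMPLE_LDIF = """dn: CN=Alice,OU=Users,DC=corp,DC=example
sAMAccountName: alice
mail: alice@corp.example
memberOf: CN=AppSec,OU=Groups,DC=corp,DC=example
memberOf: CN=Developers,OU=Groups,DC=corp,DC=example
userAccountControl: 512

dn: CN=Bob,OU=Users,DC=corp,DC=example
sAMAccountName: bob
mail: bob@corp.example
memberOf: CN=Developers,OU=Groups,DC=corp,DC=example
userAccountControl: 514

dn: CN=Carol,OU=Users,DC=corp,DC=example
sAMAccountName: carol
mail: carol@corp.example
memberOf: CN=AppSec,OU=Groups,DC=corp,DC=example
userAccountControl: 512
"""

# Constructed snapshot of what the application currently stores.
APP_USERS = {
    "alice": DirectoryUser("alice", "alice@corp.example", frozenset({"developers"}), True),
    "bob": DirectoryUser("bob", "bob@corp.example", frozenset({"developers"}), True),
    "dave": DirectoryUser("dave", "dave@corp.example", frozenset(), True),
}


def run_sample() -> SyncPlan:
    return plan_sync(parse_ldif(SAMPLE_LDIF), APP_USERS)


if __name__ == "__main__":
    plan = run_sample()
    print("create:", [u.uid for u in plan.create])
    print("update:", [u.uid for u in plan.update])
    print("deactivate:", plan.deactivate)
```

Deactivating rather than deleting is the conservative choice for a security tool: findings, comments and risk acceptances stay attributed to the original account, while the account itself can no longer log in.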
REST API
Team Reviewer is built using a thin server architecture and an API-first design. APIs are at the heart of the platform, and every API is fully documented via Swagger 2.0.
...
Team Reviewer is based on open source software developed by Aaron Weaver (OWASP DefectDojo Project).
COPYRIGHT (C) 2014-2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.