...
Team Reviewer is our default Dashboard and Central Repository. It combines all features provided by the entire Security Reviewer Suite with Vulnerability Management, Discovery & Tracking.
Every new version goes through our Secure Coding process, so we ship an exception-free release with enhanced features such as:
...
All of the following integration requirements are covered both by the Web GUI and by the REST API.
Requirement | Note |
---|---|
On-premise install | Yes, in addition to Cloud |
Source Code upload | Analyses are always executed client-side; source code never leaves the client machine |
HTTPS / TLS | Yes, both |
External M2M support | Yes, through the REST API interface, authenticated with User, Password and API Key |
LDAP support | Supports LDAP, Microsoft Active Directory, ApacheDS, Fedora 389 Directory and NetIQ/Novell eDirectory |
Local Users | Local users can be defined, e.g. technical support or admin users, for configuring all features available via REST API |
Enhanced password checking, SSO and IAM | Through integration with most IAM solutions (IAMlight, OAuth, SAML, etc.) |
Enhanced Profile management | Each non-local user is associated with an IAM profile; access to features is granted according to the profile attributes. Anonymous access is forbidden |
Source Code managed securely | Source code is accessed client-side only, held in secure temporary memory buffers and in encrypted folders. At scan end, source code is securely wiped both from memory and from the encrypted folders |
Extra User Effort required for scan tasks | The system has a high level of automation and requires neither extra effort nor a long learning curve to reach fluent usage. See the video: FAQ |
Support for most used programming languages | All versions like desktop, command line, REST API and Dashboard are able to scan 40+ programming languages, mobile apps included. See: Static Reviewer |
Software Composition Analysis | The system scans application dependencies on third-party libraries and frameworks, for standalone, web and mobile apps. See: Software Composition Analysis |
Vulnerability Detection helpers | The system makes it easy to detect, classify and understand the vulnerabilities found in the app. Each vulnerability is accompanied by technical details and remediation helpers. See: FAQ Q. For each Security Vulnerability, which details are provided? |
Multi-language scan | The system automatically detects which programming languages were used to develop the scanned app. See: Static Reviewer |
Developer’s IDE Integration | A large number of IDE plugins are provided. See: IDE Plugins |
Native DAST solution | The system includes a native DAST solution. Further, Team Reviewer correlates the results of a number of third-party DAST tools. See: https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/360493/Team+Reviewer#Results-Correlation |
SDLC Integration | See: SDLC Integration |
SCM and CI Plugins | The system provides native Jenkins and GitLab CI plugins. See: Static Reviewer. Further, it integrates with most SCM solutions, including Git, SVN, Azure DevOps and PVCS. See: SCM Integration |
Change password mandatory at first access | Yes, configurable |
Password expiration | Yes, configurable |
Account protection | Enterprise account data security relies on IAM. Local accounts are stored in encrypted DB tables |
Sensitive data | The system does not store Legal, Personal, Network traffic, Localization, OLO or other SOAX data |
Messages | The system never includes sensitive data in info, warning or error messages |
Obfuscated Code | The system does not include obfuscated source or binary code |
Intellectual Property | The system only uses open source components with explicitly declared licenses. No intellectual property rights are violated |
Third-party components | The system makes use of up-to-date and vulnerability-free third-party components |
Secure Coding | The system is implemented in compliance with secure coding standards such as OWASP, WASC and CWE. Each new version is statically analyzed with Security Reviewer Static Analysis and OpenText Fortify. |
Logging | In addition to IAM logs, the system provides access logs and event logs. See: Static Reviewer |
OWASP Dependency-Track
Security Reviewer Suite products automatically publish their results to the OWASP Dependency-Track web application.
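What such a publication looks like on the wire, as an added example that is not Security Reviewer code: it builds a minimal CycloneDX SBOM from a scan's dependency list and uploads it with Dependency-Track's public `PUT /api/v1/bom` endpoint (JSON body with the base64-encoded BOM, `X-Api-Key` header). The server URL, API key, project name and the two sample components are assumptions / constructed data; only the endpoint, field names and header are Dependency-Track's own.

```python
"""Publish a CycloneDX SBOM to OWASP Dependency-Track via PUT /api/v1/bom.

Added example, not Security Reviewer Suite code. Server URL, API key,
project name/version and the component list are assumed / constructed.
"""
import base64
import json
import urllib.request
from typing import Dict, List

# Constructed sample: what an SCA scan would report for a small Java app.
SAMPLE_COMPONENTS = [
    {"name": "jackson-databind", "version": "2.9.8",
     "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8"},
    {"name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
]


def build_cyclonedx_bom(components: List[Dict[str, str]]) -> Dict:
    """Build a minimal CycloneDX 1.4 JSON BOM from name/version/purl entries.

    The purl is what Dependency-Track uses to match components against
    vulnerability sources, so it is the one field worth getting right.
    """
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "components": [
            {"type": "library", "name": c["name"],
             "version": c["version"], "purl": c["purl"]}
            for c in components
        ],
    }


def build_upload_request(base_url: str, api_key: str, project_name: str,
                         project_version: str, bom: Dict) -> urllib.request.Request:
    """Build the PUT /api/v1/bom request without sending it.

    Dependency-Track expects the BOM base64-encoded in the "bom" field and
    authenticates with the X-Api-Key header. autoCreate asks the server to
    create the project when missing; the key then needs the
    PROJECT_CREATION_UPLOAD permission as well as BOM_UPLOAD.
    """
    payload = {
        "projectName": project_name,
        "projectVersion": project_version,
        "autoCreate": True,
        "bom": base64.b64encode(json.dumps(bom).encode()).decode(),
    }
    return urllib.request.Request(
        url=base_url.rstrip("/") + "/api/v1/bom",
        data=json.dumps(payload).encode(),
        method="PUT",
        headers={"Content-Type": "application/json", "X-Api-Key": api_key},
    )


def decode_bom_from_request(req: urllib.request.Request) -> Dict:
    """Inverse of build_upload_request: recover the BOM that goes on the wire."""
    body = json.loads(req.data.decode())
    return json.loads(base64.b64decode(body["bom"]).decode())


def publish(base_url: str, api_key: str, project_name: str,
            project_version: str, components: List[Dict[str, str]]) -> str:
    """Upload the BOM and return the processing token the server answers with."""
    req = build_upload_request(base_url, api_key, project_name,
                               project_version, build_cyclonedx_bom(components))
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())["token"]


if __name__ == "__main__":
    # Assumed server and key: replace with your own Dependency-Track instance.
    token = publish("https://dtrack.example.internal", "odt_REPLACE_ME",
                    "demo-app", "1.0.0", SAMPLE_COMPONENTS)
    print("Dependency-Track processing token:", token)
```

The token returned by the upload can be polled at `GET /api/v1/bom/token/{token}` to find out when the server has finished analysing the BOM; keep the API key out of source control and restrict it to the BOM_UPLOAD permission when projects are pre-created.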
...