With every new release of Secure Coding, we provide an exceptions-free version with some enhanced features, like:
SAST/IAST/DAST results navigator
SCA results (including legal issues) navigator
SSO (Single Sign-On) link to Firmware Reviewer portal.
Browsing results are provided at two levels: Internal User and Guest User.
All of the following Integration Requirement coverages are available both from the Web GUI and the REST API.
Yes, further than Cloud
Source Code upload
Analyses are always executed client-side, and source code never leaves the client machine.
HTTPS / TLS
External M2M support
Yes, through the REST API interface, authenticated with User, Password and API Key.
Supports LDAP, Microsoft Active Directory, ApacheDS, Fedora 389 Directory and NetIQ/Novell eDirectory
Local users can be defined, e.g. technical support or admin users, for configuring all features available via the REST API.
Enhanced password checking, SSO and IAM
Through integration with most IAM solutions (IAMlight, OAuth, SAML, etc.).
Enhanced Profile management
Each non-local user is associated with an IAM profile, and the features a user can access depend on the attributes of that profile. Anonymous access is forbidden.
Source Code managed securely
Source code is accessed client-side only and is held in secure temporary memory buffers and in encrypted folders. When the scan ends, the source code is securely wiped both from memory and from the encrypted folders.
The system makes it easy to detect, classify and understand the vulnerabilities found in the app. Each vulnerability is accompanied by technical details and remediation helpers. See: FAQ Q. For each Security Vulnerability, which details are provided?
Security Reviewer Suite products automatically publish results to OWASP Dependency Track web app.
We offer support contracts for our enhanced version of OWASP Dependency Track.
Dependency Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components. Dependency Track takes a unique and highly beneficial approach by leveraging the capabilities of the Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve. Security Reviewer has enhanced Dependency Track by adding Static Analysis support.
Dependency Track monitors component usage across all versions of every application in its portfolio in order to proactively identify risk across an organization. The platform has a REST-API-first design, is ideal for use in Continuous Integration (CI) and Continuous Delivery (CD) environments, and is the default Security Reviewer Dashboard solution.
ServiceNow improves service levels, energizes employees, and enables your enterprise to work at lightspeed. Create, read and update records stored within ServiceNow, including Incidents, Questions, Users and Vulnerability Management. Security Reviewer is integrated via REST API.
The Kenna Security Vulnerability Management solution helps security and risk managers prioritize the vulnerabilities in their infrastructure and the security events disclosed via monitoring activities, enabling more effective security investigation and response operations. Security Reviewer is integrated via an OWASP Dependency Track feature.
Code Dx Enterprise is an automated application vulnerability management tool that makes all of your testing tools work together to provide one set of correlated results, then helps you prioritize and manage vulnerabilities. It integrates with your application lifecycle management tools so your security and development teams work together for faster remediation. Security Reviewer is integrated via REST API.
Micro Focus Fortify SSC
Integration with Micro Focus Fortify SSC is provided via Team Reviewer or OWASP Dependency Track.
Integration with SonarQube is provided natively (via CI Plugin), via Team Reviewer, or via OWASP Dependency Track.
Integration with ThreadFix is provided natively (via CLI Transformer), via Team Reviewer, or via OWASP Dependency Track.
Jira and BugZilla integrations are native to our Jenkins and Bamboo plugins:
COPYRIGHT (C) 2014-2021 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.