Identify & Monitor
1. Describe
Information is gathered about the language, platform, features, compliance, and tools in order to determine the relevant threats and countermeasures, using automated sources (via integration with source code repos or asset management systems) and/or a simple project survey.
2. Classify
After discovering the attributes of the application, SD Elements automatically classifies it based on inherent risk and defines a set of relevant, actionable tasks derived from controls defined in the security & compliance policy commensurate with its classification.
3. Identify & Monitor
Use API integrations to connect development tasks and process tasks with automated tools.
When the tasks are automated, users can integrate with tools like static analysis or cloud security posture management to track compliance, while manual tasks - such as changing default credentials - can be synced with ticketing systems like JIRA or ServiceNow for completion by IT and development teams.
4. Validate
Test results are easily imported from security tools like Micro Focus Fortify & WebInspect, IBM AppScan, Veracode, Checkmarx, WhiteHat, and other popular scanning tools. Imported data is matched to controls for validation and compliance reporting.
Planned scanner integrations include SonarQube, Coverity, Nessus, OWASP Dependency Check, Sonatype, Qualys, Rapid7, Palo Alto Prisma & Dome9.
5. Report
Save time during audits and security reviews with robust tailored reporting that enables you to track progress, profile the risk, and generate audit compliance reports instantly.
Also includes detailed activity logs for audits and custom reporting capabilities.
SD Elements integrates with DevOps tools, such as Jenkins, Microsoft Azure DevOps Pipelines, and XebiaLabs XL Release, so that DevOps teams can get a near-real-time status of compliance with minimum security standards and fail builds or deployments if necessary.