Across industries, developers and DevOps teams rely on routine, repetitive processes to log and manage their software security vulnerabilities. But these processes are often inefficient, and they don’t require creative human thought. Although opening or closing a ticket in a defect management system (such as JIRA), or initiating a scan during the CI process to deliver more-secure software are essential, they’re often viewed as mundane. These are considered mundane tasks because they typically require developers to navigate between various systems, copying and pasting as they go. By and large, your developers would rather not have to execute these processes, since they’re considered boring and take a lot of time – which can hinder time to market. In addition, these task can cause friction between development and DevOps teams. This is where Checkmarx automation & orchestrating solution, CxFlow, comes into place. By introducing an end-to-end automation and orchestration flow from scanning to ticketing, it provides faster adoption, and a higher rate of application/project onboarding.  

Drive More Intelligent CI/CD Pipeline

CxFlow integrates with modern development ecosystem platforms such as GitHub, GitLab, BitBucket, and Azure DevOps. By integrating early in the development life cycle, CxFlow reduces the friction between the Development and DevOps teams that typically exists when setting up AST automation in the CI pipeline. With CxFlow, AppSec team can adhere to strict compliance regulations and set up rules to initiate a scan per time-period, per build, or per an organization’s software security policy. In addition, it enables organizations to unify their security vulnerability findings in defect management systems. For example, scan results can be returned directly to the developer as a GIT issue, so that the results are actionable, thus expediting the time to remediation.  In addition, to further reduce the time to remediate, tickets points developers to a dedicate lesson in Codebashing, in which they can learn how to fix the issue. Finally, its centralized management capabilities further simplify the automation process, and allow seamless end-to-end integration – from scan initiation, to ticketing systems like JIRA as shown below:

Summary

The main goal of any application security testing program is to reduce enterprise risk without hindering software release cycles, which is best achieved through thoughtful planning and implementation of security testing automation. However, this often remains an obstacle for today’s organizations. With CxFlow, Checkmarx addresses these automation challenges with a best-in-class solution and methodology that supports the ‘you code it, you own it’ philosophy. This allows organizations to detect and remediate software vulnerabilities within fast-paced development environments. More information can be found here.