From the course: Application Security in DevSecOps

Managing the results

- [Instructor] We spent a lot of time running tools and generating results. But is there a way that security can audit all the results? We could work from the same defect tracking tool that developers use, but let's look at another way. Every tool has its own results. There's no great way to combine results between tools. But many tools export to a common format like XML or JSON that can be easily parsed and read into a reporting tool. We need to look and see how we can get all of these results into a common place. This is an example of a results workflow. The developer checks in their code to the Jenkins instance. From there, all of our different tests can be run. The results of the scan can then be fed into a results application that combines them all together. Just like we have said, stay away from manual imports and manual entry. That's a bottleneck. Focus on the APIs for the import. Once results have been uploaded via…
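The combining step described in the transcript above, sketched as an added example that is not part of the course material: two scanner exports, one JSON and one XML, are parsed into a common schema and merged so a finding reported by both tools appears once. The tool names, field names, numeric risk scale, and sample exports are all constructed assumptions.

```python
import hashlib
import json
import xml.etree.ElementTree as ET

# Constructed sample exports; both tool formats and all field names are hypothetical.
SCANNER_A_JSON = '''{"results": [
  {"rule": "sql-injection", "level": "HIGH", "file": "app/db.py", "line": 42},
  {"rule": "hardcoded-secret", "level": "medium", "file": "app/config.py", "line": 7}
]}'''
SCANNER_B_XML = '''<report>
  <issue name="sql-injection" risk="3" path="app/db.py" line="42"/>
  <issue name="weak-hash" risk="1" path="app/auth.py" line="15"/>
</report>'''

SEVERITY = {"1": "low", "2": "medium", "3": "high"}  # assumed numeric risk scale
ORDER = ["high", "medium", "low"]

def finding(tool, rule, severity, location, line):
    """Build one record in the common schema with a tool-independent fingerprint."""
    key = f"{rule}|{location}|{line}".encode()
    return {"tools": [tool], "rule": rule, "severity": severity,
            "location": location, "line": int(line),
            "fingerprint": hashlib.sha256(key).hexdigest()[:16]}

def parse_json_export(text, tool="scanner-a"):
    return [finding(tool, r["rule"], r["level"].lower(), r["file"], r["line"])
            for r in json.loads(text)["results"]]

def parse_xml_export(text, tool="scanner-b"):
    # ElementTree is acceptable for trusted scanner output; use defusedxml otherwise.
    return [finding(tool, i.get("name"), SEVERITY[i.get("risk")],
                    i.get("path"), i.get("line"))
            for i in ET.fromstring(text).iter("issue")]

def merge(*batches):
    """Combine batches, collapsing findings reported by more than one tool."""
    merged = {}
    for f in (f for batch in batches for f in batch):
        if f["fingerprint"] in merged:
            merged[f["fingerprint"]]["tools"] += f["tools"]
        else:
            merged[f["fingerprint"]] = f
    return sorted(merged.values(), key=lambda f: ORDER.index(f["severity"]))

if __name__ == "__main__":
    # This merged list is what a pipeline step would send to a results application's import API.
    combined = merge(parse_json_export(SCANNER_A_JSON), parse_xml_export(SCANNER_B_XML))
    print(json.dumps(combined, indent=2))
```

The fingerprint here assumes both tools use the same rule names and file paths; in practice a mapping table between each tool's rule identifiers is usually needed before findings can be matched.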
