SD Elements automates software security requirements across the SDLC – software development life cycle. It profiles project requirements, defines probable project/application specific security defects and creates Tasks as a way of preventative controls.
Adding another tool to the long list of tools across the ALM toolchain increases cost and time overheads, necessitates transparency, cross-tool traceability and thereby needs to be connected or integrated with other ALM tools for centralized viewing and reporting of project progress.
Kovair SD Elements Integration Adaptor
Kovair SD Elements Integration Adapter allows SD Elements to connect to Kovair Omnibus Integration Platform and in-turn get integrated with other ALM tools in the eco-system. The integration provides a convenient way for managing risks, create and validate a method of deploying secure software. Tasks created by SD Elements act as contextually relevant security checkpoints for preventive controls in various phases of the SDLC and provide a mechanism to triage the defects through priority scores. Knowing security controls up-front allow development teams to build cost estimates and prioritize security issues. Project stakeholders can decide to accept risks at the planning stage.
This integration is achieved using two components:
- Kovair SD Elements Integration Adapter: It is a WCF service that exposes SD Element entities, attributes, and relations and contains a database to keep track of SD Elements events and actions.
- Kovair SD Elements Event Service: It is an Event listener service that collects SD Elements’ events and sends them to the adapter.
|Entities Exposed||Events Collected||Actions Supported|
|Tasks||Add, Edit, Comment||Add, Edit, Comment|
Need for integrating SD Elements with Kovair
- Security Requirements Traceability – When SD Elements is integrated into the Kovair ALM system using Kovair SD Elements Integration Adapter, the security requirements created and maintained by SD Elements gets exposed as Tasks. These Tasks are generated encompassing all functional areas of SDLC i.e. from project initiation to production deployment and maintenance or phase out. So the artifacts can be included in traceability graph along with other ALM or Project and Portfolio Management (PPM), Requirements Management, Defect Management tools. Thus cross-tool traceability can easily be established.
- Risk Management – SD Elements integration into Kovair ALM ecosystem introduces preventive actions against potential threats and vulnerabilities saving developers valuable cost & time for defect fixes.
- Compliance – SD Elements integration into Kovair ALM ecosystem allows applications to be compliant with government/ industry or project specific requirements
- Defect Tracking – The security requirements as identified by SD Elements can be logged into defect tracking systems, such as JIRA and Bugzilla and then be actioned upon according to priorities.
- Consolidated Reporting – SD Elements integration into Kovair ALM ecosystem allows diverse range of stakeholders like PMO (Project Management Office), Release Managers, business analyst, QA teams, security advisors, customers to view consolidated reports on project progress for security concerns, compliance issues and product quality.
Note: The adapter as developed and offered by Kovair follows the subject tool’s standard specifications. Any deviations from the tool’s typical use pattern may not have been anticipated in our off-the-shelf product. For any customization or special configuration needs, please contact Kovair Sales – email@example.com
BENEFITS & FEATURES
- Bi-directional synchronization of SD Elements artifacts – Tasks.
- Easy to configure and customize using web based codeless configuration screens.
- SD Elements provide security requirements, prioritize vulnerabilities, configure rules to invoke application security and allow delivery of robust software.
- The integration allow integrated ALM/ Defect tools to consume security statistics, metrics, and compliance reports.
- Allows developers to improve code quality standards by undertaking preemptive actions for security threats beforehand than wait for defects to arise and thereby saves cost and time.
- Allows the QA/Testers to create and execute manual security test plans based on security requirements.
- Allows centralized view of project progress