fbpx

Ensuring success as you journey to true DevSecOps

ZeroNorth

Reach out to us to request help from our Customer Support team.

ZeroNorth Customer Support

Whether you are just starting out with DevSecOps or moving towards an enterprise-wide program, we are here to help. Our Customer Support team will provide the program management and advanced technical support necessary to ramp up and scale your AppSec and DevSecOps initiatives.

  • Tiered support packages to meet the specific needs of each customer
  • Regular business reviews to review and plan program milestones
  • Options to access field engineering and technical consulting resources
Support Portal

Frequently Asked Questions

  • Which AppSec tools does the ZeroNorth DevSecOps platform support?

    The ZeroNorth DevSecOps platform supports the leading AppSec commercial and open source scanning tools including SCA, SAST, DAST, containers and many more. Many open source AppSec scanning are integrated within the ZeroNorth DevSecOps platform and are ready-to-run out-of-the-box, enabling users to quickly ramp up or fill in gaps in the AppSec program.

  • How does the ZeroNorth DevSecOps platform orchestrate AppSec scanning within DevOps pipelines?

    The ZeroNorth DevSecOps platform seamlessly connects into CI/CD pipelines, and then orchestrates the appropriate AppSec tool to scan the required entity such as source code repositories, build artifacts, URLs, IP addresses and containers. The ZeroNorth DevSecOps platform supports both synchronous (wait for results) and asynchronous (fire and forget) scanning modes.

  • What type of AppSec risk analytics does the ZeroNorth DevSecOps platform provide?

    The ZeroNorth DevSecOps platform includes a set of dashboards and reports that deliver a wide range of high-level analytics on the risk, gaps and overall health of the organization’s AppSec posture and program, together with granular details on vulnerabilities. Reports are available for the enterprise, and for individual business units, product lines, or even individual DevOps pipeline teams.

  • To what extent does the ZeroNorth DevSecOps platform compress vulnerability data?

    Through its data refinement process, the ZeroNorth DevSecOps platform can compress thousands of issues from multiple tools into a concise list of vulnerabilities—in some cases achieving a compression rate of 90:1 — making it far easier and simpler to triage, prioritize and fix them.

  • Does the ZeroNorth DevSecOps platform provide any metrics on code quality?

    Yes, the ZeroNorth DevSecOps platform includes the defect density dashboard, which measures the number of confirmed vulnerabilities per 1000 lines of code, normalized across the scan findings from SCA and SAST scanning tools. Additionally, the ZeroNorth DevSecOps platform tracks vulnerability detection and remediation over time.

  • Can the ZeroNorth DevSecOps platform centrally manage my AppSec program?

    Yes, the ZeroNorth DevSecOps platform can centrally manage an AppSec program including all the scanning tools, activities, and policies – thereby ensuring that corporate standards for security are maintained consistently across all development teams.

  • Can I integrate ZeroNorth with other systems?

    Yes, the ZeroNorth DevSecOps platform offers a comprehensive and well documented API that allows customers to leverage the platform’s data, reports and insights in real-time to support an organization’s specific requirements. Many customers use this API to integrate ZeroNorth date with their organization’s BI and visualization tools of choice.

  • Which DevOps tools does the ZeroNorth DevSecOps platform support?

    The ZeroNorth DevSecOps platform integrates with the leading CI/CD pipeline orchestration tools such as GitHub, Atlassian, CircleCI, Jenkins, Microsoft Azure DevOps and JetBrains TeamCity.

  • Does the ZeroNorth DevSecOps platform integrate with defect tracking systems?

    The ZeroNorth DevSecOps platform creates remediation tickets and integrates with defect tracking systems such as Jira, Azure DevOps, Slack, ChatOps and other notification solutions—making it easy to streamline the management, routing and tracking of remediation tickets using familiar tools that developers work with every day.

  • How does the ZeroNorth DevSecOps platform streamline vulnerability data?

    The ZeroNorth DevSecOps platform ingests all scanning data into a central repository and normalizes it into a common risk framework. It then aggregates, dedupes and compresses related issues to remove redundancy, minimize noise (such as false positives) and make vulnerability data useable and operational for developers.

  • How else does the ZeroNorth DevSecOps platform filter out noise and help prioritize vulnerability data?

    The ZeroNorth DevSecOps platform correlates static code analysis results (SCA and SAST) to dynamic assessment (DAST) results, to filter out inconsequential flaws in the code, and enable developers to focus on vulnerabilities that will impact the application in production. The ZeroNorth DevSecOps platform even includes a trail to the source code where developers should begin remediation.

  • Can the ZeroNorth DevSecOps platform ingest application security scanning data from external sources?

    Yes, the ZeroNorth DevSecOps platform automatically ingests data from application security scanning tools such as historical scanning data files or findings from external scanning tools.

  • What types of policies does the ZeroNorth DevSecOps platform support?

    The ZeroNorth DevSecOps platform enables policy-driven scheduling and execution of scans within DevOps pipelines or independently, the escalation or suppression of specific vulnerability types based on risk profiles and business considerations, alerting when certain vulnerabilities are detected, or events occur and much more.

See the ZeroNorth DevSecOps platform in action.