Whether you are just starting out with DevSecOps or moving towards an enterprise-wide program, we are here to help. Our Customer Support team will provide the program management and advanced technical support necessary to ramp up and scale your AppSec and DevSecOps initiatives.
The ZeroNorth DevSecOps platform supports the leading AppSec commercial and open source scanning tools including SCA, SAST, DAST, containers and many more. Many open source AppSec scanning tools are integrated within the ZeroNorth DevSecOps platform and are ready-to-run out-of-the-box, enabling users to quickly ramp up or fill in gaps in the AppSec program.
The ZeroNorth DevSecOps platform seamlessly connects into CI/CD pipelines, and then orchestrates the appropriate AppSec tool to scan the required entity such as source code repositories, build artifacts, URLs, IP addresses and containers. The ZeroNorth DevSecOps platform supports both synchronous (wait for results) and asynchronous (fire and forget) scanning modes.
The ZeroNorth DevSecOps platform includes a set of dashboards and reports that deliver a wide range of high-level analytics on the risk, gaps and overall health of the organization’s AppSec posture and program, together with granular details on vulnerabilities. Reports are available for the enterprise, and for individual business units, product lines, or even individual DevOps pipeline teams.
Through its data refinement process, the ZeroNorth DevSecOps platform can compress thousands of issues from multiple tools into a concise list of vulnerabilities, in some cases achieving a compression rate of 90:1, making it far easier and simpler to triage, prioritize and fix them.
Yes, the ZeroNorth DevSecOps platform includes the defect density dashboard, which measures the number of confirmed vulnerabilities per 1000 lines of code, normalized across the scan findings from SCA and SAST scanning tools. Additionally, the ZeroNorth DevSecOps platform tracks vulnerability detection and remediation over time.
Yes, the ZeroNorth DevSecOps platform can centrally manage an AppSec program including all the scanning tools, activities, and policies – thereby ensuring that corporate standards for security are maintained consistently across all development teams.
Yes, the ZeroNorth DevSecOps platform offers a comprehensive and well-documented API that allows customers to leverage the platform’s data, reports and insights in real-time to support an organization’s specific requirements. Many customers use this API to integrate ZeroNorth data with their organization’s BI and visualization tools of choice.
The ZeroNorth DevSecOps platform integrates with the leading CI/CD pipeline orchestration tools such as GitHub, Atlassian, CircleCI, Jenkins, Microsoft Azure DevOps and JetBrains TeamCity.
The ZeroNorth DevSecOps platform creates remediation tickets and integrates with defect tracking systems such as Jira, Azure DevOps, Slack, ChatOps and other notification solutions—making it easy to streamline the management, routing and tracking of remediation tickets using familiar tools that developers work with every day.
The ZeroNorth DevSecOps platform ingests all scanning data into a central repository and normalizes it into a common risk framework. It then aggregates, dedupes and compresses related issues to remove redundancy, minimize noise (such as false positives) and make vulnerability data useable and operational for developers.
The ZeroNorth DevSecOps platform correlates static code analysis results (SCA and SAST) with dynamic assessment (DAST) results to filter out inconsequential flaws in the code and enable developers to focus on vulnerabilities that will impact the application in production. The ZeroNorth DevSecOps platform even includes a trail to the source code where developers should begin remediation.
Yes, the ZeroNorth DevSecOps platform automatically ingests data from application security scanning tools, such as historical scanning data files or findings from external scanning tools.
The ZeroNorth DevSecOps platform enables policy-driven scheduling and execution of scans within DevOps pipelines or independently, the escalation or suppression of specific vulnerability types based on risk profiles and business considerations, alerting when certain vulnerabilities are detected or events occur, and much more.