Software Company Case Study

Client Results

Earlier detection of security issues, via integration of security into build pipelines

Established security standards, agreed on by both security and development teams

Improved and shared visibility between security and development teams

Integrating Security Testing into CI/CD Pipelines

The security team was using multiple approaches for application security testing, but did not have a unified view of the security state of a build. This created ambiguity about the true set of security issues that needed to be addressed. In addition, there was no shared agreement on what made a build acceptable to release. For the development team, security requirements were unclear and were often dictated late in the project lifecycle. As a result, security signoff became a bottleneck and created significant project risk.

Embedding Build Assessments

They used ThreadFix to integrate security testing into the CI/CD build pipeline, so that security evaluation is now part of the testing applied to a build to determine its fitness for deployment.

ThreadFix provides vulnerability consolidation and reports security issues to the development team in a structured manner using their JIRA system. This has created clear communication of security issues to development teams in the tools they are already using.

Policy Standardization

In addition, ThreadFix allows the security teams to craft different security policies for applications with different risk profiles. These policies are agreed upon between security and development, and are tuned to the risk associated with the application, making application security requirements clear to both sets of stakeholders.
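To make the two ideas above concrete, here is an added example (not ThreadFix code, and not from the case study) of a build gate that consolidates findings from several scanners and then checks them against a policy chosen by the application's risk profile. The scanner output schema, the CWE ids, the file paths and the policy thresholds are all constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Severity ordering used when two tools report the same weakness differently.
RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed per-risk-profile policies: maximum open findings allowed per severity.
# Severities not listed are not gated for that profile.
POLICIES = {
    "internet_facing": {"critical": 0, "high": 0, "medium": 5},
    "internal": {"critical": 0, "high": 3},
}


@dataclass(frozen=True)
class Finding:
    """One normalized vulnerability from any scanner (constructed schema)."""
    cwe: str        # weakness class, e.g. "CWE-89"
    location: str   # file:line for SAST, URL path for DAST
    severity: str   # "low", "medium", "high" or "critical"


def consolidate(scanner_results):
    """Merge per-tool findings into one list, deduplicating the same weakness
    at the same location and keeping the highest severity any tool assigned."""
    merged = {}
    for _tool, findings in scanner_results.items():
        for f in findings:
            key = (f.cwe, f.location)
            if key not in merged or RANK[f.severity] > RANK[merged[key].severity]:
                merged[key] = f
    return list(merged.values())


def evaluate_build(findings, risk_profile):
    """Return (passes, violations) for a build against the policy of its risk profile."""
    limits = POLICIES[risk_profile]
    counts = Counter(f.severity for f in findings)
    violations = [f"{sev}: {counts[sev]} found, {limit} allowed"
                  for sev, limit in limits.items() if counts[sev] > limit]
    return not violations, violations


# Constructed sample output from two tools; both report the same SQL injection.
SCAN_RESULTS = {
    "sast": [Finding("CWE-89", "app/db.py:42", "high"),
             Finding("CWE-79", "app/views.py:10", "medium")],
    "dast": [Finding("CWE-89", "app/db.py:42", "high"),
             Finding("CWE-209", "/error", "low")],
}

if __name__ == "__main__":
    consolidated = consolidate(SCAN_RESULTS)
    for profile in POLICIES:
        print(profile, evaluate_build(consolidated, profile))
```

The same consolidated findings fail the internet-facing policy but pass the internal one, which is the "tuned to the risk of the application" behaviour described above.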

Outcome

The end result is that they have earlier knowledge of potential security issues via integration into the build pipeline, better and shared visibility between security and development teams, and common, agreed-upon standards for what security requires of development teams for a release.
