The Parasoft Security Bundle is a package of tools for your DTP infrastructure that provides visibility into your security compliance efforts. The bundle includes the following tools.
Security Compliance Pack
The Parasoft Security Compliance Pack is a set of artifacts for your DTP infrastructure that help you implement your software security compliance initiatives. It includes configurations that re-orient static analysis data to report violations according to security compliance standards. It also includes widgets for viewing your security compliance status and custom compliance DTP dashboards for monitoring the progress toward your overall security compliance goals. The Security Compliance Pack supports the following standards by default:
- CERT C
- CERT C++
- CWE Top 25
- CWE List Version 2.11
- CWE List Version 3.1
- OWASP Top 10
Read the Security Compliance Pack for DTP 5.4.1 documentation for installation and usage instructions.
OWASP Dependency Check Pack
The Parasoft OWASP Dependency Check Pack helps you comply with the OWASP Top 10 2013 entry: A9 Using Components with Known Vulnerabilities guideline. It reads the results of the third-party OWASP dependency-check tool and performs the following actions:
- Processes the result file generated by the OWASP dependency-check tool
- Generates reports of vulnerabilities
- Sends the data to Parasoft DTP
Vulnerabilities are reported in DTP as violations of the OWASP Top 10 2013 entry: A9 Using Components with Known Vulnerabilities guideline. Merge the data from OWASP Dependency Check Pack with code analysis results from Parasoft Jtest or dotTEST to fully implement an OWASP security compliance initiative.
Read the OWASP Dependency Check Pack documentation for installation and usage instructions.