The Parasoft Security Compliance Pack is a set of assets for your DTP infrastructure that help you implement your software security compliance initiatives. It includes configurations that re-orient static analysis data to security compliance standards, widgets for viewing your security compliance status, and custom compliance DTP dashboards for monitoring the progress toward your overall security compliance goals. The Security Compliance Pack supports the following standards by default:

  • CERT C
  • CWE Top 25 
  • CWE List Version 2.11
  • OWASP Top 10

Contact your Parasoft representative for download and licensing information.

Requirements

  • DTP and DTP Enterprise Pack 5.4.0 or later with Enterprise license
  • A Parasoft code analysis tool with the Flow Analysis license feature enabled. See the documentation for each artifact for specific requirements.

What’s Included in the Parasoft Security Compliance Pack

The Security Compliance Pack includes the following artifacts: 

See the documentation for these artifacts for usage details.

Process Overview

  1. Download and install the Security Compliance Pack (security-compliance-<version>.zip) into your DTP environment. Installing the package adds several files that configure DTP to report code analysis violations according to the supported security standards.
  2. Deploy the compliance artifact(s) you want to analyze code against into DTP Extension Designer. 
  3. Connect an instance of your tool to DTP and analyze the project using one of the security standard test configurations shipped with the tool. See the documentation for your tool for static analysis execution instructions.
  4. Add the security compliance dashboard(s) and widgets to DTP and configure them to view the data according to your security standard.
  5. Interact with the widgets and reports to identify code that needs to be fixed, as well as print out the reports for auditing purposes.

Installation

  1. Most extensions for DTP Enterprise Pack are downloaded and installed directly from the connected marketplace, but the security-compliance-<version>.zip must be downloaded and installed manually. See Uploading Artifacts for instructions.
  2. Deploy the compliance artifacts you want to use after installation. See Deploying Services.
  3. See the documentation for the Security Compliance Artifacts for next steps: