Daily Code Commit

Our Developers check-in code on a daily basis into a central source code repository. SAST tools are run every time code is committed and attempt to highlight vulnerabilities within static source code using techniques such as Taint Analysis and Data Flow Analysis.

Automated Builds

A Continuous Integration (CI) server is continually polling the source repository for changes; when a change occurs, the code is checked out of the repository and built. The built software is stored in a repository manager by the CI server.

Automated Testing

The code is automatically unit tested; code quality tested; code static, dynamic, and interactively security tested; smoke and UI tested; and performance tested. DAST tools are run on operating code to detect issues with interfaces, requests, responses, scripting (i.e. JavaScript), data injection, sessions, authentication, and more. IAST tools are run using knowledge of application and data flow to create advanced attack scenarios.

Automated Delivery

The built version is deployed using provisioning tools that treat infrastructure as code and is integrated into the CDM testing tools, monitoring tools, and processes that may include Splunk, Nessus, McAfee ePO, New Relic, etc.