Means of integrating static source security analysis technology into the software development environment
DOI: https://doi.org/10.31673/2409-7292.2020.035499

Abstract
The article investigates automation methods and means of integrating static source code security analysis technology into the software development environment. The software security analysis process implemented by static analysis of the source code is examined, and methods for automating the technology and integrating it into the source code development environment are proposed. A promising direction for the further development of static source code analysis technology is identified.
Keywords: static source code analysis, SAST, software security.