Xanitizer » Integration

Integrate Xanitizer into your SDLC to detect your security problems even before the application is runnable.

Integration Into Your SDLC

Xanitizer can easily be integrated into any build management server to make it an essential part of your software development life cycle (SDLC). This way you can prevent new code from introducing new vulnerabilities, and you can monitor the security enhancements of your projects.

As a static application security testing tool, Xanitizer can be integrated just after the compilation phase of your application build. It is not necessary to install or deploy your runnable application to execute a Xanitizer security analysis on it.

During an automated regular security analysis, Xanitizer parses and analyzes the code, detects vulnerabilities and generates reports. If Xanitizer finds new vulnerabilities, the integration can be configured to break the build of your application with an error, which prevents them from being introduced. The generated reports can also be used to integrate Xanitizer into different management tools.

Xanitizer's build integration comprises an Apache Ant task, an Apache Maven goal and a command line interface for integrating it with any other build system. The Maven plugin for Xanitizer is provided through RIGS IT's Maven repository.

If you have any additional questions on how you can integrate Xanitizer into your software development life cycle, please do not hesitate to contact us.

Screenshots of external management tools

Integration Into Your Management Tools

Xanitizer provides an integration with the code quality management platform SonarQube and the vulnerability assessment and management tool Jackhammer.

Both integrations transfer the security-relevant Xanitizer findings into these management tools. After the transfer, it is possible to view Xanitizer's findings in their dashboards, drill-down pages and time machines.

The integration for SonarQube is based on an open source plugin, which is available on GitHub.

The integration into the open source tool Jackhammer is part of the tool itself and is also available on GitHub.

Additionally, you need a Xanitizer installation, because neither integration runs a security analysis by itself; they only collect the results of such an analysis.

If you would like to integrate the results of a Xanitizer security analysis into a management tool of your choice, please do not hesitate to contact us.