Xanitizer can easily be integrated into any build management server to make it an essential part of your software development life cycle (SDLC). This way you can prevent new code from introducing new vulnerabilities, and you can monitor the security improvements of your projects over time.
As a static application security testing tool, Xanitizer can be integrated just after the compilation phase of your application build. It is not necessary to install or deploy your runnable application to execute a Xanitizer security analysis on it.
During an automated, regularly scheduled security analysis, Xanitizer parses and analyzes the code, detects vulnerabilities and generates reports. If Xanitizer finds new vulnerabilities, the integration can be configured to break the build of your application with an error so that they are not introduced. The generated reports can also be used to integrate Xanitizer into different management tools, and the findings can be exported into collaboration and issue tracking systems.
If you have any additional questions on how you can integrate Xanitizer into your software development life cycle, please do not hesitate to contact us.
Jenkins
Jenkins is an open source automation server. It provides hundreds of plugins to support building, deploying and automating any project.
As a build job, the Xanitizer Jenkins plugin seamlessly integrates Xanitizer's security analysis into the build process to detect vulnerabilities in your applications. You can download the latest release of the plugin here.
Apache Maven
Apache Maven is a software project management and comprehension tool for Java applications. It can manage a project's build, reporting and documentation from a central piece of information.
Xanitizer's security analysis can easily be added to the verify phase of your Maven build, or run as a separate goal, by using the Maven plugin for Xanitizer from RIGS IT's Maven repository.
Apache Ant
Apache Ant is a Java library and command line tool whose mission is to drive processes described in build files as targets. It supplies a number of built-in tasks that compile, assemble, test and run Java applications. Ant can also be used effectively to build non-Java applications or to drive any type of process that can be described in terms of targets and tasks.
Each installation of Xanitizer also contains several Ant tasks which can be used to detect security vulnerabilities in your applications during your Ant build.
Command Line Interface
Xanitizer's command line interface enables the integration of Xanitizer's security analysis into any kind of build system to detect vulnerabilities in your applications.
Jira
Atlassian's Jira is the most widely known software development tool used by agile teams for project management and bug and issue tracking. Besides that, it can be used to manage the status of any type of project.
Security vulnerabilities detected by Xanitizer can easily be exported into Jira as issues, so that each piece of work needed to fix a finding can be tracked through the workflow steps.
SonarQube
SonarQube is a code quality management platform. Different plugins are available to detect bugs, vulnerabilities and code smells in your applications.
The Xanitizer plugin enhances SonarQube's feature set with the detection of security vulnerabilities. For that, it transfers Xanitizer's findings into the dashboard, drill-down pages and time machine. The open source plugin itself is available on GitHub.
DefectDojo
DefectDojo is an OWASP Application Security Program tool that automates application security vulnerability management. It streamlines the application security testing process by offering features such as importing third party security findings, merging and de-duping, integration with Jira, templating, report generation, and security metrics.
DefectDojo contains a scanner which imports Xanitizer's XML findings list reports, so you can manage your findings in DefectDojo. The tool itself is available on GitHub.
Jackhammer
Jackhammer is a collaboration tool built with the aim of bridging the gap between security teams, developer teams, and QA teams, and being the facilitator for TPM to understand and track the quality of the code going into production. It finds security vulnerabilities in the target applications by using plugins and it helps security teams to manage the chaos in this new age of continuous integration and continuous/multiple deployments.
The integration into the open source tool Jackhammer is part of the tool itself and is also available on GitHub.