SCAT is a process integrity tool that implements a consistent, authorized and auditable software development process.
SCAT is used by development teams to build, verify and assure secure software.
Build: uses a combination of code level guidance, on demand training and DAST tools to train, guide and verify correct implementation.
Verify: uses a combination of manual test plans and SAST tools to guide and verify correct implementation.
Assure: centrally stores and publishes evidence of secure development and testing as an audit trail, providing traceability through requirements and proving that security controls operate efficiently over a period of time.
SCAT is not a point in time security verification tool for detecting vulnerabilities after development.
Process integrity and point in time tools: How they work in the SDLC
Without further complicating development environment
SCAT is a simple 5 screen MVC, C# web application with a small footprint that can be deployed without further complicating the development environment.
It integrates with Jira and runs ZAP and SonarQube in Docker containers.
SCAT is part of three domains to consider when securing software development. I've detailed the other domains in an article that will be published in the Nov/Dec issue of the ISC2 magazine; I will add a link here after publication.
See how developers use SCAT
See below how the Secure Code Assurance Tool integrates security into the software development phases.
Sprint planning phase
Objective: ensures security requirements are understood.
Developers use the Identify risks screen to:
Select the critical function being developed or changed
Identify the technologies used
Automatically generate the security requirements and tests
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License 3.0 as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.