The Uleska platform takes the security tasks that need to run before, during, and after security testing in a CI/CD pipeline, makes it easier to change how the tools are used and configured, and then processes the results in a way that is meaningful for the overall DevSecOps process.
This moves the set-up of security testing tools out of the central logic of the CI/CD pipeline. Software security and development teams can then change how security runs, which tools are used, and how results are processed, without continually editing the pipeline definition itself.

Uleska helps with each stage of security testing software:
Before CI/CD pipelines are run, the Uleska platform helps bulk onboard the systems, code repositories, tools and so on that will take part, so that they are ready to go when the pipeline calls in.
As the CI/CD pipeline runs, simple API calls from the pipeline to the Uleska platform hand over orchestration and vulnerability management for that run's security testing; the pipeline only needs to know how to call the platform, not how to drive each tool. At this point Uleska launches scans in the configured security tools, which can be commercial, open source, or custom developed, so the overall DevSecOps system is extensible with the security tools you curate.
Uleska brings all of the results back into one place and organises them.
It then applies triage rules, removing false positives, duplicates and noise, so that you are left with the real issues. At this stage Uleska also diffs the run against previous runs. For example, if you have a known backlog of 100 issues, you do not keep getting alerted for the same 100 issues: the platform reports only the brand new issues, and the issues that have been fixed, in the latest CI/CD pipeline run.
Uleska automatically prioritises issues based on cyber value at risk. This goes beyond CVSS and similar scores by taking into account the type of data the system handles and the environment it runs in, so that issues which are more problematic to the business are prioritised higher than others.
Uleska ensures up to date, real time security information is passed back to the CI/CD system, inserted into Jira, or alerted in places like Slack, so people are aware of the current state of the security pipeline for the latest CI/CD run. It makes sure security issues are flagged before release and during day-to-day development.
Collecting metrics and information over time lets you show security improving, which categories of issue keep appearing, and how long issues remain open and take to fix. Metrics for the different security tools are captured automatically so they can be used for continuous improvement.
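The triage, run-to-run diffing, business-context prioritisation and release gating described above are the parts a practitioner usually has to reason about most carefully. The following Python script is an added illustration of those steps, not Uleska's code or API: it normalises findings from several scanners, suppresses known false positives, diffs the current run against the previous one, weights the surviving issues by data type and environment, and returns a gate decision. The tool names, rule ids, file paths, the two sample runs and the weighting tables are all constructed for the example.

```python
"""Differential triage of scanner findings between two CI runs.

Added illustration, not Uleska's implementation. Sample findings, tool
names, rule ids and context weights below are constructed for the example.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tool: str
    rule: str
    path: str
    line: int
    severity: float      # tool-reported CVSS-like base score, 0-10
    snippet: str = ""    # flagged source text, if the tool supplies it


def fingerprint(f: Finding) -> str:
    """Stable identity for a finding across runs.

    Deliberately excludes the line number: an unrelated edit that shifts
    code by a few lines would otherwise make every old finding look new and
    every new one look fixed. Whitespace in the snippet is normalised for
    the same reason. The tool name is kept, so the same weakness reported
    by two tools stays as two findings; merging those needs a rule mapping.
    """
    raw = "|".join([f.tool, f.rule, f.path, " ".join(f.snippet.split())])
    return hashlib.sha256(raw.encode()).hexdigest()[:16]


def dedupe(findings, suppressed=frozenset()):
    """Collapse duplicates and drop fingerprints marked as false positives."""
    seen = {}
    for f in findings:
        fp = fingerprint(f)
        if fp in suppressed or fp in seen:
            continue
        seen[fp] = f
    return seen


def diff_runs(previous, current, suppressed=frozenset()):
    """Split the current run into new, fixed and persistent findings."""
    prev = dedupe(previous, suppressed)
    curr = dedupe(current, suppressed)
    new = {fp: f for fp, f in curr.items() if fp not in prev}
    fixed = {fp: f for fp, f in prev.items() if fp not in curr}
    persistent = {fp: f for fp, f in curr.items() if fp in prev}
    return new, fixed, persistent


# Hypothetical context multipliers applied to the tool's score; a real
# "value at risk" model would be richer than this, but the shape is the same.
DATA_WEIGHT = {"public": 0.5, "internal": 1.0, "pii": 1.5, "payment": 2.0}
ENV_WEIGHT = {"dev": 0.5, "staging": 0.8, "prod": 1.0}


def business_score(f: Finding, data_class: str, environment: str) -> float:
    return round(min(10.0, f.severity * DATA_WEIGHT[data_class] * ENV_WEIGHT[environment]), 2)


def gate(new_findings, data_class, environment, threshold=7.0):
    """Return (passed, blockers).

    Only *new* findings can fail the build, so the known backlog does not
    re-fail every run; blockers are sorted highest context score first.
    """
    scored = sorted(((business_score(f, data_class, environment), f)
                     for f in new_findings.values()),
                    key=lambda t: t[0], reverse=True)
    blockers = [(s, f) for s, f in scored if s >= threshold]
    return len(blockers) == 0, blockers


def run_summary(new, fixed, persistent):
    """Counts to push to the CI system, a ticket tracker or a chat channel."""
    return {"new": len(new), "fixed": len(fixed), "open": len(new) + len(persistent)}


# Constructed sample data: a previous run and the current run.
PREVIOUS_RUN = [
    Finding("sast-tool", "sql-injection", "app/db.py", 40, 8.8, "cur.execute(q % user)"),
    Finding("sast-tool", "hardcoded-secret", "app/cfg.py", 12, 6.5, "API_KEY = 'x'"),
    Finding("lint-tool", "assert-used", "tests/test_db.py", 5, 1.0, "assert x"),
]
CURRENT_RUN = [
    # Same SQL injection, moved seven lines and reformatted: must not count as new.
    Finding("sast-tool", "sql-injection", "app/db.py", 47, 8.8, "cur.execute(q  %  user)"),
    Finding("sca-tool", "vulnerable-dependency", "requirements.txt", 3, 5.0, "examplelib==1.0.0"),
    Finding("sast-tool", "debug-enabled", "app/settings.py", 3, 3.0, "DEBUG = True"),
    Finding("lint-tool", "assert-used", "tests/test_db.py", 9, 1.0, "assert x"),
]
# The assert-in-tests finding was triaged as a false positive earlier.
SUPPRESSED = frozenset({fingerprint(PREVIOUS_RUN[2])})

if __name__ == "__main__":
    new, fixed, persistent = diff_runs(PREVIOUS_RUN, CURRENT_RUN, SUPPRESSED)
    print(run_summary(new, fixed, persistent))
    passed, blockers = gate(new, "pii", "prod")
    print("gate passed:", passed, [(s, f.rule) for s, f in blockers])
```

The same two runs give different gate results depending on context: with the sample weights a 5.0-rated vulnerable dependency blocks a release handling PII in production but passes for a public dev environment, which is the behaviour the text describes when it says prioritisation should follow the data and the environment rather than the raw score alone.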