Whether you're using our SaaS platform, or hosting it in-house, you can save time and money checking the security of your software. Everything can be done through our user interface, or our fully featured API. Here's an overview of how it works:
1) Easy setup
Just tell the Uleska DevSecOps Platform some information about your application and it'll do the rest:
If you want to hook into Jira or Slack systems, or add pictures/text/logos to your generated reports, you can go ahead and do that too for all your applications.
2) Trigger your testing
How you run your security testing is up to you. Maybe you want to kick it off manually during a project, maybe you want a set of security tests upon a pull request, or maybe you want security testing wrapped into the DevOps process. You can do any of these, and mix and match between different projects or builds as suits.
You can configure different sets of security tests for different stages of development. Kicking off a suite of security tests comes down to a single API call, meaning you can:
Got other ways you want to start testing? Just let us know - the stranger the better! We've even hooked up to an Alexa skill to run testing from voice commands for fun.
3) Let the security testing run
Look mom, no hands! The Uleska DevSecOps Platform automates and orchestrates the security tools to check your software through our tool integrations. This makes security testing easy. You don't need a security expert to give you results, just point and click. We've had many untrained people run extensive security testing using our system, including one of our team's 12-year-old daughters (though that's because she's really smart).
Note that these security tools can include the fullest-featured commercial tools, down to single custom tools you've created, and everything in between. Check out the many great open source security tools that penetration testers use every day (and did we mention they're free?).
4) Collect results
Since the Uleska DevSecOps Platform is automating and orchestrating, it collects all the results from all of your tools and brings them into one place. Each test run is recorded and compared against previous runs (see later).
This saves your team from copy/pasting from those two appsec tools, that cloud check, the network scanning tool, the two container checking systems, and those 8-10 security scripts Dave and Diane wanted run every time after that 'incident'.
It's never fun to triage. It's even less fun to do it over and over again. Some commercial tools allow you to set false positives, but most security tools out there don't.
The Uleska DevSecOps Platform implements a number of features that help you save time, and introduce consistency, in issue triaging:
6) Results and Reports
When the security testing has been automatically triggered, run, collected, & triaged, the reports and updates are automatically generated (because who wants to manually create these?).
Updates are sent to Jira or Slack (more integrations coming), results can be polled from DevOps systems over the API so you can see if anything major has been introduced before going live, and customizable PDF (or CSV) security reports can be generated to share with stakeholders or clients.
Furthermore, statistics are also generated showing issues/risk for teams and applications, showing trends over time, showing the most often occurring risks, or how you're matching up against regulations (depends on your plan). All of this is available through our UI, API, or GraphQL interfaces.