Scheduled Code Assessment -
Forums » HP Application Security Center » What's on your mind? » Scheduled Code Assessment

Scheduled Code Assessment

rated by 0 users
This post has 2 Replies | 0 Followers

Top 10 Contributor
Posts 133
Reply
whips04r Posted: 03-30-2008 8:26 PM
Is there any means to schedule code assessments (i.e. the Static Analysis provided by DevInspect) with the HP ASC suite? DevInspect is the only HP ASC product I know of that has the Static Analysis engine, so is it possible to use DevInspect outside of an IDE and have it generate reports akin to those generated by WebInspect?
http://www.thefreedictionary.com/whipsaw
Top 50 Contributor
Posts 6
Reply
patrick.wolf replied on 04-01-2008 12:51 PM
Right now it is only possible to use DevInspect within an IDE.  I suppose it would be possible with a macro recorder to open the IDE and run a scheduled analysis on the project but there isn't anything in the product right now that will allow this functionality. What is the broader use case you are trying to solve?
Top 10 Contributor
Posts 133
Reply
whips04r replied on 04-03-2008 11:06 PM

Thanks for the response Patrick, the broader use case is essentially:

Automatically run a security assessment on code as the code is (attempted-ly) being "checked-in" to a repository and if vulnerabilities are found do not allow the "check-in", rather report the vulnerabilities in some way/shape/form. The reporting would preferably be documented for historic reference. Thus the use of DevInspect will be enforced prior to code entering the repository.

http://www.thefreedictionary.com/whipsaw
Page 1 of 1 (3 items) | RSS
Privacy Statement
Powered by Community Server (Non-Commercial Edition), by Telligent Systems