News on Monday
more>>
SharePoint Tech Report
more>>

Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST

People Power enters the green technology market
People Power launches SuRF Developer's Kit for developers looking to get into green technology.
03/16/2010 11:51 AM EST

Windows Phone 7 will not support HTML 5
Windows Phone 7 will not support HTML 5.
03/15/2010 05:51 PM EST

3/14/2010 to 3/18/2010
Seattle, Wa.
SHARE

Cloud Connect

3/15/2010 to 3/18/2010
Santa Clara, Calif.
TechWeb

SharePointPro Summit & Expo

3/16/2010 to 3/19/2010
Las Vegas
Penton Media

TheServerSide Java Symposium

3/17/2010 to 3/19/2010
Las Vegas
TechTarget

EclipseCon

3/22/2010 to 3/25/2010
Santa Clara, Calif.
The Eclipse Foundation

HOME ALL STORIES LATEST NEWS COLUMNS OPINIONS EDITORIALS GUEST VIEWS SHORT TAKES DATA WATCH SPECIAL REPORTS ZEICHICK'S TAKE SD TIMES 100 EDITORS' BLOG

RSS FEEDS

FACEBOOK

TWITTER

WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE BZ RESEARCH ALMSHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL CALENDAR EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS BZ RESEARCH SYSMANNEWS SPTECHCON ESDC IPHONEDEVCON PRIVACY POLICY CONTACT US

Printable version

HOME >> LATEST NEWS

Most Read Latest News Blog Resources

Mono brings .NET to Android
At Microsoft MIX, Mono will unveil the ability to port .NET applications to the Android op...

Even with its success, .NET causes some consternation
Despite its popularity, the developer community believes that .NET isn't being fully serve...

Guest View: The half-agile path leads nowhere
While businesses are taking on agile and adopting its practices, an incomplete implementat...

Going 'all in' on .NET as default runtime
Programmers for Windows Phone 7 will need to use Silverlight and XNA for development

nVidia updates CUDA tools
Latest version helps developers turn desktops and servers with high-end GPUs into more pow...

Mono brings .NET to Android
At Microsoft MIX, Mono will unveil the ability to port .NET applications to the Android op...

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.

People Power enters the green technology market
People Power launches SuRF Developer's Kit for developers looking to get into green technology.

Windows Phone 7 will not support HTML 5
Windows Phone 7 will not support HTML 5.

Overcoming Development Challenges with Open Source Open source software can help you with your application development challenges. It doesn’t...

Accelerate Services and the Cloud Business units, functional groups, and different divisions of companies across industries...

Enterprise Mashup Platforms for Today’s Increasingly Complex and Real-Time Context Enterprise Mashups offer your company a new way to connect data from inside and outside yo...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Coveros puts continuous integration pieces together

By Jeff Feinman

September 3, 2009 —

An application security consulting company thinks there isn’t enough collaboration among open-source builders, so it has rolled out a secure continuous integrator.

Coveros focuses on fixing security problems and helping companies with software quality and agile development. The company today introduced SecureCI, a free product that integrates build management and source code control with open-source application security technologies in order to test Web applications for security vulnerabilities.

“What we found in doing agile development is that there’s a lot of open-source products out there for building and testing your apps, and a lot of people that are using open source are having to integrate all that stuff together themselves,” said Jeffrey Payne, CEO and founder of Coveros.

“Almost everywhere we go, we end up helping them pull all their stuff together. Our thought was, why don’t we take the best-of-breed open-source products that are out there and integrate them so they work out of the box as one solution?”

Payne said SecureCI’s ability to integrate builders and source code controllers for free is what makes the product unique from other build managers. Additionally, Coveros integrates Sonar, an open-source dashboard for analyzing code quality. Sonar uses multiple open-source static code analyzers and gathers the metrics.

“Now you’ve got a package that gathers results from automated tests you set up using Selenium or JUnit, or any of the application security tests you run using Google’s Ratproxy, PMD or FindBugs,” Payne said.

In Coveros’ mind, there are three places in continuous integration where software needs to integrate: build management, bug tracking and process metrics. With build processes, a developer needs to be able to work with Apache Ant or Maven and automatically run regression and unit tests, Payne said. Developers also need to associate defects with the code or requirements used to create the code. Finally, integration is needed to put together all analysis results.

“Our goal is to integrate at all three of those levels, and that way no one has to do that when using a continuous integration suite,” Payne said. “What we’re trying to do is provide open-source integrated solutions that help support the idea of building your software securely.”

Payne added that he was “scratching his head” about what he considers a lack of organizations that integrate open-source application security testers, such as OWASP’s WebScarab and Paros’ Proxy, into continuous integration. SecureCI can implement security best practices into the build management phase of the software development life cycle.

Related Search Term(s): Coveros, open source, security

Share this link: http://www.sdtimes.com/link/33740

Black Duck identifies public projects that may be security risks A survey found that 4,000 open-source projects contained algorithms that would need government approval before export

Git changes how developers manage source code versions At this year's Git Together, developers praise the platform's convenience and its ability to make source control easier. Changes for the future will focus on making it more Web 2.0-compatible by offering more on-demand repositories on GitHub.

Cigital releases a set of rules to boost Java security The Java Security Rulepack adds on to Fortify's vulnerability category base. The rules are open source, allowing users to modify them as needed, and include a group of security checks that work with source Code Analyzer 4.5 and up.

Comments

09/15/2009 12:58:46 PM EST

Interesting but hardly new. I can remember off the top of my head CI Factory and Buildix

United StatesZuz

Add comment

Name*
Email*
Country

Comment
Preview

HOME SITE MAP CURRENT ISSUE BACK ISSUES SUBSCRIBER SERVICES ABOUT US CONTACT US BZ MEDIA

Coveros puts continuous integration pieces together

By Jeff Feinman

Related Articles

Comments

Add comment