Coveros puts continuous integration pieces together

September 3, 2009 —  An application security consulting company thinks the open-source tools used to build and test software are not integrated well enough with one another, so it has rolled out a continuous integration suite with security testing built in.

Coveros focuses on fixing security problems and helping companies with software quality and agile development. The company today introduced SecureCI, a free product that integrates build management and source code control with open-source application security technologies in order to test Web applications for security vulnerabilities.

“What we found in doing agile development is that there’s a lot of open-source products out there for building and testing your apps, and a lot of people that are using open source are having to integrate all that stuff together themselves,” said Jeffrey Payne, CEO and founder of Coveros.

“Almost everywhere we go, we end up helping them pull all their stuff together. Our thought was, why don’t we take the best-of-breed open-source products that are out there and integrate them so they work out of the box as one solution?”

Payne said SecureCI’s ability to integrate build tools and source code control systems for free is what distinguishes the product from other build managers. Additionally, Coveros integrates Sonar, an open-source dashboard for analyzing code quality. Sonar runs multiple open-source static code analyzers and collects their metrics in one place.

“Now you’ve got a package that gathers results from automated tests you set up using Selenium or JUnit, or any of the application security tests you run using Google’s Ratproxy, PMD or FindBugs,” Payne said.

In Coveros’ mind, there are three places in continuous integration where software needs to integrate: build management, bug tracking and process metrics. In the build process, a developer needs to be able to work with Apache Ant or Maven and have regression and unit tests run automatically on each build, Payne said. Developers also need to associate defects with the code, or the requirements, from which the code was created. Finally, integration is needed to consolidate the results of all the analysis tools in one place.

“Our goal is to integrate at all three of those levels, and that way no one has to do that when using a continuous integration suite,” Payne said. “What we’re trying to do is provide open-source integrated solutions that help support the idea of building your software securely.”

Payne added that he was “scratching his head” over what he considers a lack of organizations that integrate open-source application security testers, such as OWASP’s WebScarab and Paros Proxy, into continuous integration. SecureCI is meant to bring security best practices into the build management phase of the software development life cycle, so that security findings surface on every build rather than in a separate audit.
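As an added example of what wiring a static analyzer’s results into the build management phase can look like (this is not Coveros or SecureCI code, and the page does not describe how SecureCI does it), the script below parses a FindBugs XML report and fails the CI step when the report contains high-priority findings in FindBugs’s SECURITY or MALICIOUS_CODE categories. The report embedded in the script is constructed for the example, and the blocking policy (priority 1 only, those two categories) and the report path target/findbugsXml.xml are assumptions, not anything SecureCI specifies.

```python
"""CI build gate: parse a FindBugs XML report and fail the build when it
contains high-priority findings in security-relevant categories.

Added example, not Coveros/SecureCI code. SAMPLE_REPORT is hand-written for
this example; it follows the BugCollection/BugInstance layout of FindBugs
XML output but is not real scan output.
"""
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Assumed policy: only these FindBugs categories block the build. Other
# categories (CORRECTNESS, PERFORMANCE, ...) are reported but not blocking.
BLOCKING_CATEGORIES = frozenset({"SECURITY", "MALICIOUS_CODE"})
# FindBugs priority: 1 = high, 2 = medium, 3 = low. Assumed: block on high only.
MAX_BLOCKING_PRIORITY = 1

# Constructed sample report (four findings, two of which should block).
SAMPLE_REPORT = """<?xml version="1.0"?>
<BugCollection version="1.3.9" sequence="0">
  <BugInstance type="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" priority="1" category="SECURITY">
    <Class classname="com.example.dao.UserDao"/>
    <SourceLine classname="com.example.dao.UserDao" start="42" end="42" sourcefile="UserDao.java"/>
  </BugInstance>
  <BugInstance type="XSS_REQUEST_PARAMETER_TO_SEND_ERROR" priority="2" category="SECURITY">
    <Class classname="com.example.web.LoginServlet"/>
    <SourceLine classname="com.example.web.LoginServlet" start="77" end="77" sourcefile="LoginServlet.java"/>
  </BugInstance>
  <BugInstance type="NP_NULL_ON_SOME_PATH" priority="1" category="CORRECTNESS">
    <Class classname="com.example.web.LoginServlet"/>
  </BugInstance>
  <BugInstance type="EI_EXPOSE_REP" priority="1" category="MALICIOUS_CODE">
    <Class classname="com.example.model.Account"/>
    <SourceLine classname="com.example.model.Account" start="19" end="19" sourcefile="Account.java"/>
  </BugInstance>
</BugCollection>
"""


@dataclass(frozen=True)
class Finding:
    pattern: str
    priority: int
    category: str
    classname: str
    location: str  # "file:line", or "?" when the report has no SourceLine


def parse_findbugs(xml_text: str) -> list:
    """Flatten a FindBugs BugCollection into Finding records.

    Malformed or unexpected XML raises (fail closed): a gate must never pass
    a build because the scanner's output could not be read.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "BugCollection":
        raise ValueError(f"not a FindBugs report: root element <{root.tag}>")
    findings = []
    for bug in root.iter("BugInstance"):
        cls = bug.find("Class")
        src = bug.find("SourceLine")
        if src is not None and src.get("sourcefile"):
            location = f"{src.get('sourcefile')}:{src.get('start', '?')}"
        else:
            location = "?"
        findings.append(Finding(
            pattern=bug.get("type", "UNKNOWN"),
            priority=int(bug.get("priority", "3")),
            category=bug.get("category", "UNKNOWN"),
            classname=cls.get("classname", "?") if cls is not None else "?",
            location=location,
        ))
    return findings


def blocking_findings(findings, max_priority=MAX_BLOCKING_PRIORITY,
                      categories=BLOCKING_CATEGORIES):
    """Return the findings that break the build under the assumed policy."""
    return [f for f in findings
            if f.category in categories and f.priority <= max_priority]


def gate(xml_text: str) -> int:
    """Evaluate one report and return the exit status for the CI step:
    0 = pass, 1 = blocking security findings present."""
    findings = parse_findbugs(xml_text)
    blockers = blocking_findings(findings)
    print(f"{len(findings)} finding(s), {len(blockers)} blocking")
    for f in blockers:
        print(f"  BLOCK P{f.priority} {f.category} {f.pattern} "
              f"in {f.classname} ({f.location})")
    return 1 if blockers else 0


if __name__ == "__main__":
    # Assumed CI usage: python findbugs_gate.py target/findbugsXml.xml
    # With no argument the constructed sample report is evaluated instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            report = fh.read()
    else:
        report = SAMPLE_REPORT
    sys.exit(gate(report))
```

The gate fails closed on purpose: an unreadable or missing report means the scanner did not run, and a build step that reads its absence as "no findings" silently drops the security check. The same shape (parse, apply policy, non-zero exit) applies to the other tools named on this page, but each has its own output format and needs its own parser.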

Comments


09/15/2009 12:58:46 PM EST

Interesting but hardly new. I can remember off the top of my head CI Factory and Buildix.

Zuz, United States