Today, our development team added HP Fortify integration with Risk I/O. HP Fortify is a static analysis tool that looks at the source code of an application to identify security flaws within. Fortify’s Static Application Security Testing (SAST) results provide an inside-out view of the vulnerabilities that exist in a software program compared to Dynamic Application Security Testing (DAST) that provide more of an outside-in view. When plugged into Risk I/O, mutual customers can dramatically improve their ability to fix security issues in a timely manner through a very unique view of their application flaws.
With the introduction of this static analysis integration, Risk I/O users gain a tremendous advantage in the speed in which they fix and remediate application vulnerabilities. By correlating security findings from dynamic scanners with a source code analysis tool, dependent on the findings, our users may go as far as identifying the offending source code associated with a vulnerability found by their dynamic application scanner. Combine this with our bug tracking integration and Risk I/O customers can go from scanner finding to fixed at the source faster than ever before!
Fortify customers can easily connect their scanner to Risk I/O by simply completing a single field form. New customers can try our product using our forever free version.
Our development team has been working hard on increasing the number of connectors that we offer to our users, but our list has room to grow. Please let us know if there’s a vulnerability assessment tool integration we’re missing that you’re currently using.