Methods and systems for multi-tool orchestration
First Claim
1. A system for performing code security scan, comprising:
    a non-transitory computer readable medium storing:
        a plurality of identifiers each identifying a software security analysis tool, the plurality of identifiers comprising:
            a first identifier identifying a first software security analysis tool of a first category for performing Static Application Security Testing (SAST);
            a second identifier identifying a second software security analysis tool of a second category for performing Dynamic Application Security Testing (DAST); and
            a third identifier identifying a third software security analysis tool of a third category for performing Open Source Analysis (OSA); and
    a processor configured to:
        receive code to be scanned;
        select at least two identifiers from the plurality of identifiers, each of the at least two identifiers identifying a software security analysis tool from a different category for execution on the code;
        determine that a license status is expired for a first software security analysis tool of the at least two software security analysis tools;
        generate a license renewal request for the first software security analysis tool;
        send, to a licensor of the first software security analysis tool, the license renewal request;
        receive, from the licensor, a license renewal for the first software security analysis tool;
        update the license status for the first software security analysis tool to a renewed license status;
        analyze the code to be scanned with the at least two software security analysis tools;
        receive a result from each of the at least two software security analysis tools;
        aggregate the result from each of the at least two software security analysis tools; and
        display, in a user interface, the aggregation of the result from each of the at least two software security analysis tools.
Abstract
A system for performing code security scan includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a plurality of identifiers each identifying a software security analysis tool of one of several categories, including SAST, DAST and OSA tools. The processor receives an identification of code to be scanned. The processor selects at least two identifiers from the plurality of identifiers. The at least two identifiers identify at least two select software security analysis tools for execution on the identified code. The processor receives an execution result from each select software security analysis tool after performing execution on the identified code. The processor aggregates the execution result from each select software security analysis tool. A user interface displays an aggregation of the execution result from each select software security analysis tool.
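The orchestration flow of claim 1, as an added example that is not the patent's or any assignee's code: tool identifiers registered by category, selection of at least two tools from different categories, a license-expiry check with a stubbed renewal round-trip to the licensor, and aggregation of each tool's vendor-specific output into one result. Tool names, scanner stubs, dates and findings are constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Tool:
    identifier: str
    category: str          # "SAST", "DAST" or "OSA"
    license_expiry: date
    run: object            # scanner callable: code -> list of findings (stubbed below)

def licensor_renew(identifier: str, today: date) -> date:
    """Stub licensor: answers a renewal request with a one-year extension."""
    return today + timedelta(days=365)

class Orchestrator:
    def __init__(self, tools, today, licensor=licensor_renew):
        self.tools = {t.identifier: t for t in tools}
        self.today, self.licensor, self.events = today, licensor, []

    def select(self, identifiers):
        chosen = [self.tools[i] for i in identifiers]
        if len(chosen) < 2 or len({t.category for t in chosen}) != len(chosen):
            raise ValueError("select at least two tools from different categories")
        return chosen

    def ensure_licensed(self, tool):
        # Expired license: send a renewal request and record the renewed status.
        if tool.license_expiry < self.today:
            tool.license_expiry = self.licensor(tool.identifier, self.today)
            self.events.append(f"renewed {tool.identifier} until {tool.license_expiry}")

    def scan(self, code, identifiers):
        chosen = self.select(identifiers)
        for tool in chosen:
            self.ensure_licensed(tool)
        return self.aggregate({t.identifier: t.run(code) for t in chosen})

    @staticmethod
    def aggregate(results):
        # Merge each tool's vendor-specific output into one list tagged by tool.
        findings = [dict(f, tool=name) for name, fs in results.items() for f in fs]
        by_severity = dict(Counter(f["severity"] for f in findings))
        return {"tools": list(results), "findings": findings, "by_severity": by_severity}

TODAY = date(2024, 1, 15)
TOOLS = [  # constructed stubs: a SAST tool whose license has lapsed, a current OSA tool
    Tool("sast-a", "SAST", date(2023, 12, 31), lambda c: [{"severity": "high", "message": "eval() on untrusted input"}] if "eval(" in c else []),
    Tool("osa-c", "OSA", date(2025, 6, 30), lambda c: [{"severity": "medium", "message": "outdated pinned dependency"}] if "requests==2.0" in c else []),
]
```

Calling `Orchestrator(TOOLS, TODAY).scan(code, ["sast-a", "osa-c"])` renews the lapsed SAST license before the run and returns the merged findings with a per-severity count.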
19 Claims

1. As set out under First Claim above. Dependent claims: 2 to 13.
14. A multi-tool security analysis system comprising:
    one or more processors; and
    a memory in communication with the one or more processors and storing:
        a plurality of identifiers each identifying a software security analysis tool, the plurality of identifiers comprising:
            a first identifier identifying a first software security analysis tool of a first category for performing Static Application Security Testing (SAST);
            a second identifier identifying a second software security analysis tool of a second category for performing Dynamic Application Security Testing (DAST); and
            a third identifier identifying a third software security analysis tool of a third category for performing Open Source Analysis (OSA);
    wherein the software security analysis tools are presented on a multi-tool security analysis website associated with a host server, and wherein the memory stores instructions that, when executed by the one or more processors, are configured to cause the system to:
        receive, from the host server via a real-time application programming interface (API), an analysis request comprising code to be analyzed and at least two identifiers from the plurality of identifiers, the at least two identifiers identifying two or more software security analysis tools from two categories for execution on the software code;
        determine that a license status is expired for a first software security analysis tool of the two or more software security analysis tools;
        generate a license renewal request for the first software security analysis tool;
        send, to a licensor of the first software security analysis tool, the license renewal request;
        receive, from the licensor, a license renewal for the first software security analysis tool;
        update the license status for the first software security analysis tool to a renewed license status;
        analyze, with an execution of the two or more software security analysis tools, the code;
        aggregate an analysis output from each of the two or more software security analysis tools to create an aggregate result; and
        provide, to the host server via the real-time API, the aggregate result for a presentation on the multi-tool security analysis website.
Dependent claims: 15 to 18.
19. A multi-tool security analysis system comprising:
    one or more processors; and
    a memory in communication with the one or more processors and storing:
        a plurality of identifiers each identifying a software security analysis tool, the plurality of identifiers comprising:
            a first identifier identifying a first software security analysis tool of a first category for performing Static Application Security Testing (SAST);
            a second identifier identifying a second software security analysis tool of a second category for performing Dynamic Application Security Testing (DAST); and
            a third identifier identifying a third software security analysis tool of a third category for performing Open Source Analysis (OSA);
    wherein the software security analysis tools are presented on a multi-tool security analysis website, and instructions that, when executed by the one or more processors, are configured to cause the system to:
        receive an analysis request comprising a software code identifier for software code to be analyzed and at least two identifiers from the plurality of identifiers, the at least two identifiers identifying at least two software security analysis tools from two categories for execution on the software code;
        determine that a license status is expired for a first software security analysis tool of the at least two software security analysis tools;
        generate a license renewal request for the first software security analysis tool;
        send, to a licensor of the first software security analysis tool, the license renewal request;
        receive, from the licensor, a license renewal for the first software security analysis tool;
        update the license status for the first software security analysis tool to a renewed license status;
        analyze, with the at least two software security analysis tools, the software code;
        aggregate a vendor-specific output from each of the at least two software security analysis tools to create an aggregate result; and
        provide the aggregate result for presentation on the multi-tool security analysis website.