We are pleased to announce updates to the Veracode integrations to Microsoft Visual Studio Team Services (VSTS) and Team Foundation Server (TFS), and to Visual Studio. The VSTS/TFS integration makes static and dynamic security findings available as work items in the VSTS/TFS issue tracker, and automatically updates the related defects when they are fixed or have approved mitigations. The Visual Studio update enables the Veracode Visual Studio Extension to work with Visual Studio 2017, allowing developers to compile their applications for static analysis, start scans, view results, and triage and fix security findings from within their IDE.
To keep up with the shift to DevOps and rapid release cycles, application security solutions need to integrate into security and development teams’ existing tools and processes as much as possible. Tacking additional steps onto the development process or forcing teams to interrupt their workflows to switch tools are becoming increasingly unfeasible within today’s development paradigms.
In modern development environments, AppSec needs to be available where development and QA teams are already working and integrate with the tools they’re already using.
We’ve updated the Veracode Visual Studio Team Services Extension to provide integration with VSTS/TFS work items, giving teams visibility into their security findings alongside the rest of their backlog.
The VSTS Extension can be configured to allow teams to import all security findings or only those that violate the organization’s security policy, so that development teams only have to focus on what’s important to their organization. The VSTS Extension also automatically updates and closes work items regarding security-related defects as the issues are fixed or mitigated.
Like Veracode’s industry-leading integrations with JIRA and HP ALM, the Veracode VSTS Extension keeps the team focused on making their application more secure, rather than ticket maintenance.
Veracode now supports scanning in the latest version of Visual Studio.
The Veracode Visual Studio Extension has been updated for compatibility with Visual Studio 2017. This allows developers using the latest version of the Microsoft IDE to initiate static application security tests and consume results from within their IDE.
Find out more about how Veracode integrates with development and security tools and processes in our new guide, Veracode Integrations: Streamline Application Security for Both Security and Development Teams.