Case Study Details

Case Study Information

  • Project Name: SAST and SCA Tool Implementation
  • Service: Product Security Engineering Support
  • Client: Private
  • Completion Date: 2019

Evaluated, piloted and helped roll out static application security testing and software composition analysis tools for a multi-billion-dollar medical device manufacturer. These capabilities were integrated with the product development process for new products and with the post-market management of products already in the market.

This project was required to enhance the cybersecurity capabilities of the organization for products being developed and those in the market. Static Application Security Testing (SAST) and Software Composition Analysis (SCA) tools enable the identification of security defects or vulnerabilities, so they can be fixed early in the process and prior to launch. For products in the market, they help identify new vulnerabilities that may require mitigation or remediation.

SAST and SCA Tool Implementation

The project involved the following:
  • Identifying static application security testing and software composition analysis solutions to evaluate
  • Setting up test environments and testing both source code and binary files provided by product development teams
  • Testing integration with continuous integration and continuous delivery (CI/CD) solutions to automate aspects of the testing
  • Developing processes and work instructions to govern the usage of the tools and the management of their output