Application security testing orchestration (ASTO) is an important capability of an integrated MAVERIX DevSecOps platform. Application security tools (AST) such as Open Source Analysis (OSA), Static Application Security Testing (SAST), Software Composition Analysis (SCA), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), and Behavioral Application Security Testing (BAST) need to be called at the right stages within the CI/CD pipeline for different code branches, artifact repositories and build environments.
With a standard plugin based integration, CI/CD pipeline will not pass this information to AST tools. Hence, this information needs to be manually configured for each scan or complex automation code need to be written to collect and pass this information to AST tools. MAVERIX orchestration is designed for automated out-of-the box AST tools integration with CI/CD pipeline.
Maverix orchestration engine ensures end-to-end integration of security toolchain with software engineering tools, provides automated control of security pipelines and allows consolidation and analysis of all data within continuous secure software engineering process. Orchestration capability significantly reduces time and effort required to implement DevSecOps into complex heterogeneous engineering environments.