This document discusses building security into DevOps pipelines using Tasktop Integration Hub to connect security vulnerabilities and defects across tools. It introduces the speaker and describes how Tasktop enables bidirectional artifact flow and reporting across lifecycle tools while maintaining relationships. A demo then shows synchronization between a security scanning and test management tool.

1. © Tasktop 2017
Building Security Into Your DevOps Pipeline
Painless DevSecOps

2. © Tasktop 2017
GoToWebinar Housekeeping
Check your email tomorrow for recording
and slides.
If you are having technical problems,
please contact GoToWebinar:
Toll-Free: (855) 202-7959
Long Distance: (805) 617.7049
*United States Numbers

3. © Tasktop 2017
Meet the Speaker
Over 15 years in technical roles in software industry
Helps customers maximize value of integrations
Helped 20+ organizations undertake large-scale Agile and
DevOps transformations
Adam Jones
Sr. Solutions Engineer

4. © Tasktop 2017
Connecting Security Vulnerabilities and Defects
Fix security vulnerabilities as soon as they’re discovered to minimize impact
Everyone can use their tool of choice to view and resolve a security vulnerability
Improve compliance by providing traceability between vulnerabilities and fixes
Enable real-time reporting on status of security vulnerabilities

5. © Tasktop 2017
Tasktop Integration Hub
End-to-end platforms are over.
Create a modular toolchain, using best-of-breed tools.
Value Stream Automation Value Stream Visibility
Flow information across teams,
organizations and tools
Eliminate wasted time, bottlenecks,
errors and rework
Automatically compile lifecycle
activity data
Enable the creation of consolidated
dashboards and traceability reports

6. © Tasktop 2017
DAST VulnerabilityDAST Vulnerability DefectSecurity
Analyst
WhiteHat Sentinel
Tester
HPE Quality Center

7. © Tasktop 2017
Demo

8. © Tasktop 2017
Synchronization
Bi-directional artifact flow between lifecycle connectors
Gateway
Event-triggered artifact creation or modification
Enterprise Data Stream
Flow artifact activity data to a database for reporting
The Tasktop Way
Model-Based Integration
Map artifacts to a central model instead of creating
endless tool pairs
Artifact Relationship Management
Maintain critical context by mirroring relationships like
parent-child, validated by or blocked across systems
Artifact Routing
Control artifact flow based on its attributes
Integration Styles
Making Hard Things Easy

9. IT Automation
Chef
Puppet
Jenkins
Hudson
Ansible
Salt
Atlassian Bamboo
UrbanCode Deploy
(uDeploy)
Travis-CI
ThoughtWorks Go
OpenMake
CA Release Automation
XebiaLabs DeployIT
JetBrains TeamCity
Vagrant
Windows Powershell
Test Management
IBM RQM
HPE QC/ALM
Microsoft Test Manager
Tricentis Tosca
Zephyr for JIRA
SmartBear QAComplete
QA Symphony
Project & Portfolio Mgmt.
CA (Clarity) PPM
HPE PPM
Microsoft Project Server
Planview Enterprise
ServiceNow PPM
Change / Workflow Mgmt.
Borland StarTeam
CA Harvest
IBM Rational ClearQuest
Serena Business Manager
Issue Tracker
GitHub Issues
Mozilla Bugzilla
GitLab Issues
ITSM
BMC Remedy
JIRA Service Desk
ServiceNow
ServiceNow Express
Zendesk
Salesforce Service
Cloud
Enterprise Modelling
Sparx EA
Content Mgmt.
Microsoft SharePoint
Security
WhiteHat Sentinel
SCM
Git
GitHub
BitBucket
Subversion (SVN)
CVS
Perforce
Code Analysis
SonarQube
Coverity
AppScan
Veracode
HPE Fortify
Build Mgmt.
uBuild
Ant
Maven
Snap
Grunt
Test Automation
Selenium
HP UFT
Conformiq
Cucumber
APM
New Relic
AppDynamics
Dynatrace
Compuware APM
BMC APM
CA APM (Wily)
IBM APM
Supports 350+ tool
Versions. Built and tested
in our “Integration Factory”
• 3300 API tests in spec
• 500k API tests per day
Project ManagersBusiness Analysts OperationsTester Developers
Requirements Mgmt.
Blueprint
IBM Rational DOORS NG
IBM Rational DOORS
IBM Requisite Pro
iRise
Jama
Modern Requirements4TFS
Serena Dimensions RM
Agile Planning
CA Agile Central (Rally)
CA Agile Planning
IBM Bluemix
JIRA
LeanKit
Mingle
Pivotal Tracker
ServiceNow Agile
Targetprocess
VersionOne
ALM
IBM RTC
HPE ALM Octane
Microsoft TFS
MS VS Team Services (VSO)
Polarion

10. © Tasktop 2017
Our Customers are Changing the World of Software Delivery
of the
Fortune
10043
of the top 25
world banks11
of the top 10
US insurers4
of the top 6
health plans6

11. © Tasktop 2017
Questions?

12. © Tasktop 2017