AppSec Monitor: SAST & DAST Alerting

Objective: The AppSec Monitor manages and monitors both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) scans, with a focus on identifying, reporting and alerting on failed scans and new findings. It uses Checkmarx for SAST, WebInspect for DAST and Slack for notifications.

Integration and Notification System

  • Slack Integration:
    • Utilizes Slack for real-time notification of scan findings, enabling rapid response to potential vulnerabilities.
  • API Utilization:
    • Leverages the APIs provided by Checkmarx and WebInspect for fetching and parsing scan data.
  • Automated Workflow:
    • Supports an automated workflow from scan monitoring to notification dispatch, minimizing the need for manual intervention.

SAST Monitoring Features

  1. Scan Parsing and Monitoring:

    • Analyzes SAST scan reports from Checkmarx to detect and categorize ‘To Verify’ findings.
    • Tracks high, medium, and low severity findings that require verification.
  2. Alert Generation:

    • Sends formatted alerts through Slack for scans that have new findings or require attention.
    • Provides direct links to the scans within the alert for quick access to detailed information.
  3. Reporting and Data Management:

    • Generates XML reports in UTF-8 format for easier handling and readability.
    • Stores detailed scan data, including findings by severity, and maintains a count of items to verify.
  4. Concurrent Processing:

    • Utilizes concurrent processing to handle multiple projects efficiently, enhancing performance and scalability.
  5. Automated Scan Retrieval:

    • Automates the retrieval of SAST scan reports based on project IDs.
    • Gathers new SAST findings, appending them to a master list for review and action.
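The SAST parsing and alerting steps above, as an added example that is not part of the AppSec Monitor itself. The report is a constructed sample in the general shape of a Checkmarx XML export (assumed layout: `Query` elements carry a `Severity`, `Result` elements carry a numeric `state`, with `state="0"` taken to mean "To Verify"); the host name and channel are placeholders, and the Slack payload is built but not sent.

```python
import xml.etree.ElementTree as ET
from collections import Counter
from typing import Optional

# Constructed sample report (not real scan output). Attribute names follow the
# assumed Checkmarx layout described in the lead-in.
SAMPLE_REPORT = """<?xml version="1.0" encoding="utf-8"?>
<CxXMLResults ProjectName="payments-api" ScanId="1001"
    DeepLink="https://cx.example.internal/CxWebClient/ViewerMain.aspx?scanid=1001">
  <Query name="SQL_Injection" Severity="High">
    <Result state="0" FileName="db.py" Line="42"/>
    <Result state="1" FileName="db.py" Line="77"/>
  </Query>
  <Query name="Reflected_XSS" Severity="Medium">
    <Result state="0" FileName="views.py" Line="12"/>
    <Result state="0" FileName="views.py" Line="30"/>
  </Query>
  <Query name="Log_Forging" Severity="Low">
    <Result state="2" FileName="log.py" Line="5"/>
  </Query>
</CxXMLResults>"""

TO_VERIFY_STATE = "0"           # assumed: 0 = "To Verify" in the report's state field
SEVERITIES = ("High", "Medium", "Low")

def parse_to_verify(report_xml: str) -> dict:
    """Tally 'To Verify' results per severity and keep the scan's deep link."""
    root = ET.fromstring(report_xml)
    counts = Counter()
    for query in root.iter("Query"):
        severity = query.get("Severity", "Unknown")
        for result in query.iter("Result"):
            if result.get("state") == TO_VERIFY_STATE:
                counts[severity] += 1
    return {
        "project": root.get("ProjectName"),
        "scan_id": root.get("ScanId"),
        "link": root.get("DeepLink"),
        "to_verify": {s: counts.get(s, 0) for s in SEVERITIES},
        "total_to_verify": sum(counts.values()),
    }

def build_slack_alert(summary: dict) -> Optional[dict]:
    """Return a chat.postMessage-style payload, or None when nothing needs attention."""
    if summary["total_to_verify"] == 0:
        return None                       # quiet scans produce no alert
    tv = summary["to_verify"]
    text = (f"*SAST: {summary['project']}* has {summary['total_to_verify']} finding(s) to verify "
            f"(High {tv['High']}, Medium {tv['Medium']}, Low {tv['Low']}) "
            f"<{summary['link']}|Open scan {summary['scan_id']}>")   # Slack link markup
    return {"channel": "#appsec-alerts", "text": text, "mrkdwn": True}
```

Findings already triaged (any non-zero state) are excluded from the count, so a scan whose only results are confirmed or marked not exploitable produces no Slack message.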

DAST Monitoring Features

  1. Scan Health Assessment:

    • Evaluates the health of DAST scans by identifying failed scans using WebInspect data.
    • Maintains a list of completed scans with their respective statuses and dates.
  2. Failed Scans Detection:

    • Detects and counts the number of failed DAST scans.
    • Provides a file path for accessing detailed failed scan data.
  3. Data Synchronization and Update:

    • Synchronizes scan data and updates records if there are any discrepancies between current and temporary data.
    • Updates the scan data file with new projects identified in the temporary data.
  4. Failed Scans Alerting:

    • Writes information on failed scans to a specified file and alerts via Slack if there are any failed scans.
  5. Multithreaded Scan Processing:

    • Employs multithreaded execution to process scan results concurrently for improved efficiency.
  6. Data Cleanup:

    • Cleans up scan files and directories post-processing to ensure that the system remains clutter-free.

Error Handling and Logging

  • Implements robust error handling and logging mechanisms to ensure any issues during the scan monitoring process are captured and can be addressed.

Scalability

  • Designed with scalability in mind, allowing for the addition of more project IDs and handling a larger volume of scans as needed.

The AppSec Monitor serves as a proactive tool in a security team’s arsenal, providing critical insights into the security posture of applications in development and ensuring that security scanning tools are functioning as expected.