How To Automate Security Analysis with the RIPS API

23 Aug 2017 by Hendrik Buchwald

RIPS exposes a powerful REST API, an interface specifically designed for developers and their applications. It is used to provide the web interface with analysis results, to start scans through plugins, to manage users, and much more. In short, the API enables easy automation of all RIPS features through other programs.

In this blog post the architecture of the RIPS API is explained and the advantages of a RESTful API are shown. To demonstrate the simplicity of our interface, a small CI integration example is given that rejects code commits with security issues and hence protects the production server from new vulnerabilities.

Security Analysis with SonarQube Plugin

4 Aug 2017 by Martin Bednorz

SonarQube is one of the leading products for continuous code quality inspection and is used by more than 80,000 organizations worldwide to automatically detect a large variety of code quality issues. But in today’s world the detection of security issues is even more important. RIPS Technologies makes it possible to integrate its award-winning security analysis solution directly into SonarQube through a plugin. The plugin continuously scans existing SonarQube projects for security threats and quality issues so that the deployment of unstable applications can be prevented.

Continuous Integration - Jenkins at your service

18 Dec 2016 by Daniel Peeren

Continuous integration (CI) is a powerful tool to increase the quality of software and to save valuable time in the development process. An integral aspect of continuous integration is the automated testing of source code to reduce the likelihood of risks, bugs, and errors. To assist developers in writing secure code, the sophisticated security analysis of RIPS can be integrated into existing CI tools. In this post, we will introduce our plugin for Jenkins, one of the most popular automation platforms in the world, that can automatically warn you whenever a new security issue is introduced to your code base.
