
Automated CloudSpokes Code Testing & Analysis with Thurgood

Apr 25, 2013 By carolineb

We’d like to introduce you to Thurgood, CloudSpokes’ new tool, which provides a quality and security analysis of submitted challenge code.

Thurgood provides you with information so you can determine if you want to tweak your submission based upon security reviews, add additional test coverage or resubmit if you’ve forgotten files that caused your build to fail.

CloudSpokes has integrated several security tools, including Checkmarx’s SAST solution, which were based upon the Thurgood platform.

Process

1. Submit your code for a Salesforce.com challenge.

2. Your code is uploaded to cloud storage and sent to the queue for processing depending upon the type of language.

3. Once the code is committed, the post-receive hook notifies Jenkins (running on CloudBees) of the new code. Jenkins downloads your code from git, runs various Checkmarx security and vulnerability scans, runs ANT to deploy your code, runs all unit tests and finally undeploys all of your code. The results of the Checkmarx scans (PDF, CSV and XML files) are uploaded to S3, while the debug log of the build and unit tests is sent to Papertrail.

View the full process here
