Thurgood provides you with information so you can determine if you want to tweak your submission based upon security reviews, add additional test coverage or resubmit if you’ve forgotten files that caused your build to fail.
CloudSpokes has integrated several security tools, including Checkmarx’s SAST solution, which were based upon the Thurgood platform.
1. Submit your code for a Salesforce.com challenge.
2. Your code is uploaded to cloud storage and sent to the queue for processing depending upon the type of language.
3. Once the code is committed, the post-receive hook notifies Jenkins (running on Cloudbees) of the new code. Jenkins downloads your code from git, runs various Checkmarx security and vulnerability scans, runs ANT to deploy your code, runs all unit tests and finally undeploys all of your code. The results of the Checkmarx scans (PDF, CSV and XML files) are uploaded to S3, while the debug log of the build and unit tests is sent to Papertrail.
View the full process here