DigitSec and Copado Integrate Closely for DevSecOps & Greater ROI
Over the past 18 months, DigitSec and Copado have worked together to closely align our products. Copado is the true leader in Application Lifecycle Management (ALM) for Salesforce, allowing teams to manage releases faster and with greater consistency. Their system runs directly on the Salesforce Platform and is incredibly powerful in its flexibility to be configured to meet the pipeline demands of sophisticated teams.
DigitSec’s system is designed as a standalone product for Salesforce, but it can also be tightly integrated into Copado. Of course, if you are on our site, you already know that you can start using DigitSec by launching a Proof of Concept Trial by getting in touch with our Sales and Success team; but you can also find us listed on the new Copado DevOps Exchange.
Our integration with Copado means that after initial setup, developers can operate entirely within the Copado platform to complete their work and access the results of security scans.
Delivering True DevSecOps for Salesforce
A robust Salesforce application DevOps practice utilizing Copado will link Sandbox, Test, and Production environments across a development pipeline without the worry of various deployment quirks.
Adding security testing throughout this practice is what makes it DevSecOps. Security testing is imperative when developing applications in Salesforce because vulnerabilities introduced by custom code, configuration changes, or third-party integrations are the Salesforce customer’s responsibility.
Any subsequent data leakage from a malicious attack that happens because of insecure custom code rests on the company’s shoulders.
Copado makes DevOps better by making code easy to move between different testing and production environments, automating the entire process and making it easily trackable.
Integrating DigitSec with Copado means that your developers can now run automated security scans against each different environment, because it isn’t just the code that must be analyzed, but also the context in which the code is running.
Securing the entire pipeline is a strong defense against attacks to your organization and its data. This is what it means to practice true DevSecOps in Salesforce development.
DigitSec Is Brought Directly Onto the Copado Platform Management System
1. Once a scan has completed the details of the scan are reflected back to the Copado Results object, which provides a summary description of the vulnerabilities by severity rating and whether the Security Gate Setting was passed.
2. Within the Result Object, developers can click into the Related Details tab to see a listing of each vulnerability finding, the severity rating and the default Status assignment.
3. By clicking on one of the links in the Vulnerability Finding list, we can see the details of a SQL Injection attack vulnerability.
4. Copado’s power over time to standardize deployments also creates a track record that DigitSec can integrate with as well. Each scan is logged and the results are accessible within the Copado Platform, making it easy to track back results from all of the tests.
These are just some of the features of the DigitSec/Copado integration. DigitSec is also compatible with Copado Essentials, Classic and Next Gen to meet the security needs of any company using Copado.
