Tool for real-time vulnerability scan of Appian code

Some organisations have a strict mandate that all applications must pass a vulnerability scan or security test (run via their preferred tool).

Example: https://www.checkmarx.com/technology/static-code-analysis-sca/ is used for Java and .NET based applications, and the tool provides real-time indicators/suggestions of vulnerabilities in the code as and when the developer writes it.

But Appian is not compatible with Checkmarx (or vice versa!). Any suggestions from other developers or Appian Professional Services in these scenarios?

I have already checked the following links but no luck:

community.appian.com/.../hardening-appian
community.appian.com/.../kb-1442-speculative-execution-vulnerabilities
community.appian.com/.../kb-1447-vulnerability-testing

forum.appian.com/.../Appian_Cloud_FAQ.html

community.appian.com/.../25389
community.appian.com/.../security-attacks-in-appian

Thanks,

Satish

  • +1
    Certified Lead Developer
    While discussing security I tend to break it into two distinct categories.

    The first category is business security. This is how an implementation team configures the application in accordance with business requirements (e.g. "User A" can see information on "Record X", but "User B" cannot). Business security should be validated through SDLC test procedures and against Appian configuration best practices with tools like Health Check.

    The second category is system security. This is how the platform and related infrastructure is configured (e.g. OS patches, server configuration, access controls, etc.). By utilizing Appian Cloud, system security is continuously evaluated and updated by the Appian Cloud Engineering team. Documentation of Appian Cloud's security posture is available to customers based on their various needs (i.e. SOC reports, FedRAMP package, etc.).

    If you have questions on the Appian Cloud security procedures, it would be best to coordinate with your Account Executive and the Appian Support team directly.