Understanding bdd-security Reports Help #101

Open
danmartinj opened this issue Nov 5, 2018 · 1 comment

@danmartinj

Hello,

I am not sure this is an issue, and I am not sure where else to go looking for assistance, but I am trying to understand: if I start using this tool, where are my traditional security-looking reports going to be? After playing with this tool briefly, I am only seeing Gherkin-style reports or reports which look like Java-style stack traces.

I am hoping to make this as practical as possible so I am looking for reports which show severity, remediation, etc. Reports which look like standard security reports which I do not see. It is likely I am just missing something or not diving deep enough but any suggestions or comments would be appreciated. Thanks in advance.

Joe

@stephendv1
Contributor

Hi Joe,

BDD-Security uses Cucumber for the tests themselves and the reports, so all the reports are Cucumber reports. If you'd like a more traditional security-centric view, then you can import these results into our IriusRisk threat modeling platform, which is a commercial offering.
The output would look something like this:
screenshot_20

And IriusRisk can also create new tickets on issue trackers like Jira to represent the test failures:
screenshot_21
