ApplSec DevSecOps

5 days ago


Delhi, Delhi, India Outworx Solutions Full time ₹ 9,00,000 - ₹ 12,00,000 per year

Level - L1+L2

L-1

  • Monitor all Fortify SAST scans to ensure they are completed and remain consistent.
  • Troubleshoot scan errors and coordinate with DevOps or OEMs for prompt resolution.
  • Track issues until they are fully remediated and within the established SLA.
  • Maintain the overall health of the Fortify tool and monitor scan success metrics.
  • Provide weekly scan summaries and contribute data to SLA dashboards.
  • Assist with onboarding new applications and CI/CD environments for SAST integration.

L-2

  • Integrate Fortify Static Code Analyzer into DevSecOps pipelines for supported apps.
  • Configure repo paths, scan profiles, and schedule scans within CI/CD pipelines.
  • Validate results, triage false positives, and tag severity levels (critical/high/medium).
  • Share scan reports and remediation guidance with dev teams.
  • Discuss remediation issues with app teams.
  • Track and ensure remediation within SLA, and flag violations.
  • Monitor scan performance and tool health, and coordinate with the OEM for fixes.
  • Maintain remediation dashboards and provide insights to the AppSec Lead.
  • Support knowledge sharing on secure coding and Fortify tool usage.

Tools / Technology

Micro Focus Fortify, WebInspect, GitHub, Palo Alto Prisma Cloud.


  • ApplSec DevSecOps

    5 days ago


    Delhi, Delhi, India Outworx Solutions Full time ₹ 15,00,000 - ₹ 28,00,000 per year

    Level - L1; Configure and manage SCA scans in Prisma Cloud and Fortify; Integrate SCA scans in CI/CD pipelines; Review results for open-source dependency risks and third-party libraries; Triaging of license, CVE, and transitive dependency issues; Support developers with remediation recommendations; Monitor scan success and SCA features availability; Report metrics and...

  • ApplSec DevSecOps

    19 hours ago


    Delhi, India Outworx Solutions Full time

    Level - L1; Configure and manage SCA scans in Prisma Cloud and Fortify; Integrate SCA scans in CI/CD pipelines; Review results for open-source dependency risks and third-party libraries; Triaging of license, CVE, and transitive dependency issues; Support developers with remediation recommendations; Monitor scan success and SCA features availability; Report metrics...