Research of Static Application Security Testing Technique Problems and Methods for Solving Them
Yuri Leokhin, Timur Fatkhulin, Mikhail Kozhanov
Abstract
The article discusses the main aspects of static application security testing (SAST) technique. The aim of the work is to study the problems of storing and managing SAST results in the life cycle of secure software development and to find ways of solving them. The subject of the study is software being developed, the safety of which is verified using SAST. The relevance of the study is due to the fact that insufficient management of SAST data can seriously threaten the security, quality and confidentiality of data, as well as slow down the development process. The article provides experimental data on the use of a number of SAST results management systems. This study examines SAST results management systems such as SonarQube, Coverity and Fortify, because of their widespread use due to their wide functionality. The methodological basis of the article is the method of system analysis, a descriptive method, methods of theoretical analysis, as well as a generalization method.