CONTROLLED DATA
Leidos Proprietary - US Citizens ONLY
The information contained herein is proprietary to Leidos, Inc. It may not be used, reproduced, disclosed, or exported without the written approval of Leidos.
The following tools and technologies are available within the Leidos Secure DevOps (SDO) Enterprise Solution. They are listed in alphabetical order but can be sorted by any column.
Tool Name | Version | Tool Provider | Tool Acquisition | Purpose | Add-ons | Approval Documentation |
---|---|---|---|---|---|---|
Artifactory | 7.31.16 | JFrog | COTS | Universal repository manager. | ||
Bitbucket (Data Center) | 7.21.10 | Atlassian | COTS | Web-based version control repository for source code and development projects using Git revision control. | ||
Confluence (Data Center) | 7.19.16 | Atlassian | COTS | Project collaboration software. | ||
CxSAST | 9.4.0 | Checkmarx | COTS | CxSAST is a robust static source code analysis tool that automatically scans uncompiled code and identifies hundreds of security vulnerabilities in prevalent coding languages. The distributed deployment of CxSAST includes a single CxManager that performs all system functions such as project/scan configurations. The CxManager is supplemented by a cluster of CxEngine instances that perform the actual code scans in parallel. | ||
GitLab | 15.11 | GitLab | FOSS | GitLab is the most comprehensive AI-powered DevSecOps Platform. | ||
Jenkins | 2.235.1 | Jenkins | FOSS | Automation server for continuous integration and continuous delivery. | ||
Jira (Data Center) | 8.20.16 | Atlassian | COTS | Agile project management and issue tracking. | ||
Jira Service Desk (Datacenter) | 8.20.16 | Atlassian | COTS | Service/IT Issue Tracking System Built on Jira Framework. | ||
JMeter | 5.1.1 | Loadium | FOSS | The JMeter application is open source software, a 100% pure Java application designed to load test functional behavior and measure performance. | ||
Netsparker / Invicti - Enterprise and Standard | 2.3 | Invicti | COTS | Dynamic Application Security Testing (DAST) is the process of testing a web application from the outside. The best way to think of it is as a “black box” testing method, where we simulate real attacks such as SQL injection and Cross-Site Scripting (XSS) on our applications to assess secure development and any mitigating factors/compensating controls. Our team's testing methodology uses the OWASP Top 10 for our evaluations and assessments. This capability is currently offered using the Netsparker Enterprise tool, where we work with application teams and admins to develop custom scan policies that reduce the impact of this scanning activity on applications. | ||
Selenium | 3.14.0 | Selenium | FOSS | Open source platform that specializes in running multiple tests across different browsers, operating systems, and machines in parallel. | ||
SonarQube | 7.4 | SonarQube | FOSS | Open source platform for continuous inspection of code quality, static analysis of code, code smells, and security vulnerabilities. | ||
Xray | 2.4.1 | JFrog | COTS | Xray performs a multi-layer analysis of containers and software artifacts for vulnerabilities. Enable proxy and hosted repositories for all the popular artifact types: Docker images, Maven artifacts, rpm/yum, npm, Python, Ruby, NuGet, etc. Artifacts are scanned for vulnerabilities when they are uploaded to the repository and periodically thereafter as new vulnerabilities are discovered. | ||