bdd-security

Understanding bdd-security Reports Help

Open danmartinj opened this issue 6 years ago • 1 comments

Hello,

I am not sure this is an issue, and I am not sure where else to go looking for assistance, but I am trying to understand, if I start using this tool, where my traditional security-looking reports are going to be. After playing with this tool briefly, I am only seeing Gherkin-style reports or reports which look like Java-style stack traces.

I am hoping to make this as practical as possible, so I am looking for reports which show severity, remediation, etc.: reports which look like standard security reports, which I do not see. It is likely I am just missing something or not diving deep enough, but any suggestions or comments would be appreciated. Thanks in advance.

Joe

danmartinj, Nov 05 '18 18:11

Hi Joe,

BDD-Security uses Cucumber for the tests themselves and the reports, so all the reports are Cucumber reports. If you'd like a more traditional security-centric view, then you can import these results into our IriusRisk threat modeling platform, which is a commercial offering. The output would look something like this: [image: screenshot_20]

And IriusRisk can also create new tickets on issue trackers like Jira to represent the test failures: [image: screenshot_21]

stephendv1, Nov 07 '18 11:11