The SCW Trust Agent can be configured with a code commit policy that matches your organization's specific requirements and risk appetite. By defining the minimum baseline levels of training required for your developers, you are able to monitor the commit health of your repositories and identify gaps in your training program, developer coverage, or language coverage.
The Trust Agent assigns one of three categories to code commits to provide visibility into whether developers' security competency matches the required levels and whether the required training has been completed in the correct language. The three categories are:
- Trained commit - a commit that has been made by a developer with sufficient security competency in all languages used in the commit at the time of the commit
- Partially trained commit - a commit that has been made by a developer with sufficient security competency at the time of the commit, but without full coverage of all languages used in the commit
- Untrained commit - a commit that has been made by a developer without sufficient security competency
The first step to configuring your Trust Agent policy is to decide on the baseline requirements for what you consider to be a Trained commit. In a typical application security program, there will be a set of required learning content in the form of courses or assessments that must be completed.
The second step is to configure this learning content in the Trust Agent. Navigate to Administration > Trust Agent Settings, then click the Assign Content button to bring up the learning content selection screen and select the identified courses or assessments from the list. You can use the search box to quickly find and select a large number of courses or assessments if needed.
Once your selection has been made, review the list of selected learning content and then click Save. You will now see a summary of the selected content in the Trained commits section.
You can now return to the Trust Agent dashboard to see your newly configured policy applied.