Businesses and other organizations utilize various systems to identify and remediate issues such as security vulnerabilities in their software applications. In general, a vulnerability is a weakness in the software that allows an attacker to improperly access or manipulate the company's software or associated data to the detriment of the company. Examples of application vulnerabilities may include hard-coded passwords, cross-site scripting, SQL injection, LDAP injection, insecure server configuration, and others. Businesses may utilize a number of different application scanning systems to scan the source code of software applications, the open source software (OSS) libraries, and the web interface at run time. Additionally, some software applications may be tested via ethical hacking. Use of these methods and systems for application vulnerability scanning leads to the identification of vulnerabilities that are then managed by the company's development teams. Other types of issues may include software quality issues detected by a code quality scanning tool, for example.
Known scanning systems, however, have a number of drawbacks. For example, developers using known scanning systems have to go to each system after every scan to identify the changes between the current scan results and the previous scan results, and this list may have dozens, hundreds or even thousands of entries. The developers may need to plan the remediation for the new issues, which may require tracking a remediation date for every issue. The developer must also verify that the issues that dropped from the scan are truly resolved, as opposed to a situation where only a partial scan was executed. Furthermore, known scanning systems list all individual issues and do not consider the unit of work, i.e., the activity required to remediate the issue. In addition, once the issue resolutions are planned they need to be entered into the developer's backlog for resolution. These and other drawbacks and gaps exist in known systems.
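The manual steps listed above (diffing consecutive scan results, checking that a finding which disappeared was actually re-scanned rather than skipped by a partial scan, grouping findings into units of work, and feeding the result into a backlog) can be made concrete with a small script. The following is an added example written for this page, not the system the text describes; the two scan results, the finding fields (`rule`, `file`, `line`) and the `scanned_files` coverage list are constructed sample data and an assumed result format.

```python
"""Diff two application scan results and derive backlog items.

Added illustration, not the scanning system described in the text.
All scan data below is constructed; the result format (a list of findings
plus the set of files the scan actually covered) is an assumption.
"""
from collections import defaultdict

# Constructed previous scan: four findings across four scanned files.
PREVIOUS_SCAN = {
    "scanned_files": {"app/login.py", "app/search.py", "app/config.py", "app/ldap.py"},
    "findings": [
        {"rule": "hardcoded-password", "file": "app/config.py", "line": 12},
        {"rule": "sql-injection", "file": "app/search.py", "line": 40},
        {"rule": "sql-injection", "file": "app/search.py", "line": 58},
        {"rule": "ldap-injection", "file": "app/ldap.py", "line": 21},
    ],
}

# Constructed current scan: app/ldap.py was NOT covered this time (a partial
# scan), so its finding dropping out proves nothing about remediation.
CURRENT_SCAN = {
    "scanned_files": {"app/login.py", "app/search.py", "app/config.py"},
    "findings": [
        {"rule": "sql-injection", "file": "app/search.py", "line": 40},
        {"rule": "xss", "file": "app/login.py", "line": 7},
    ],
}


def _key(finding):
    """Identity used to match the same finding across consecutive scans."""
    return (finding["rule"], finding["file"], finding["line"])


def diff_scans(previous, current):
    """Classify findings as new, persisting, resolved, or unverified.

    A finding that is absent from the current scan counts as resolved only
    if its file was scanned again; otherwise it is 'unverified', because a
    partial scan cannot show that the issue was fixed.
    """
    prev = {_key(f): f for f in previous["findings"]}
    cur = {_key(f): f for f in current["findings"]}
    scanned = current["scanned_files"]

    result = {"new": [], "persisting": [], "resolved": [], "unverified": []}
    for key, finding in cur.items():
        result["persisting" if key in prev else "new"].append(finding)
    for key, finding in prev.items():
        if key in cur:
            continue
        bucket = "resolved" if finding["file"] in scanned else "unverified"
        result[bucket].append(finding)
    return result


def group_by_unit_of_work(findings):
    """Group findings by (rule, file).

    One remediation typically fixes every occurrence of a rule in a file,
    so this is a more useful planning unit than the individual finding.
    """
    groups = defaultdict(list)
    for f in findings:
        groups[(f["rule"], f["file"])].append(f["line"])
    return {k: sorted(v) for k, v in groups.items()}


def backlog_items(diff):
    """Turn the diff into backlog entries: one per unit of work for new
    findings, plus a re-scan task for each unverified drop."""
    items = []
    for (rule, path), lines in sorted(group_by_unit_of_work(diff["new"]).items()):
        items.append({"title": f"Fix {rule} in {path}", "lines": lines, "status": "open"})
    for f in diff["unverified"]:
        items.append({
            "title": f"Re-scan {f['file']} to confirm {f['rule']} is fixed",
            "lines": [f["line"]],
            "status": "needs-rescan",
        })
    return items


if __name__ == "__main__":
    diff = diff_scans(PREVIOUS_SCAN, CURRENT_SCAN)
    for category, findings in diff.items():
        print(category, [_key(f) for f in findings])
    for item in backlog_items(diff):
        print(item)
```

With the sample data, the cross-site scripting finding is reported as new, one SQL injection finding persists, the hard-coded password and the second SQL injection finding are resolved (their files were re-scanned), and the LDAP injection finding is flagged as unverified and turned into a re-scan task rather than silently closed.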