Are there any tools in PEGA which give a security report, like how we have the guardrail report which checks the code quality? I heard there is a tool which we need to run manually and it gives a report on how secure your application is based on the DSS settings we do.
Did I hear it right? If yes, can anyone give me more details on it or redirect me to any reference document/link which gives a clear idea on this?
I haven't heard of any dedicated tool which can be run on Pega applications at runtime in order to get a security report (like third-party penetration tests or security scans that are run).
Also, during runtime, you can make use of the PegaALERTS log, which would log a few SECUXXX alerts based on the different security use cases (like invalid chars detected, CSRF attack detected and many others).
Refer to the Security alerts section for the list of alerts and individual alert details.
Thank you for the information. I thought there was a dedicated tool apart from Rule Security Analyzer. My client is looking for an internal build tool, or else he wants us to integrate with external security tools. No issues, I will explore more on the Rule Security Analyzer tool and the alert files.