Posted: 15 Oct 2020 11:02 EDT Last activity: 15 Oct 2020 13:47 EDT
Integrating with external code scanners
Our enterprise requires that all application code be reviewed for security vulnerabilities. It is preferred that code scanning tools like Fortify be used. Pega code traditionally has not allowed for such tools due to the way code is stored and structured. When compiled, I know it is ultimately Java code, but it isn't stored in the database in that form. Due to not having this capability, we are forced to do manual code reviews which takes a lot of time.
Is it possible to allow any external tools to scan Pega code?
If no, is there any plan to move in that direction?
***Edited by Moderator Marissa to update Platform Capability tags****