What is Veracode2Rally?

Veracode2Rally is an open-source tool created by DevOps teams for DevOps teams. It speeds application development by directly exporting security flaws found in Veracode static analysis scans and importing them into Rally. No more manually opening a defect ticket when a Veracode flaw is found or closing one when it’s fixed. Veracode2Rally manages Rally tickets for you based on the results of the last scan.

What about mitigating false positives?

Veracode2Rally handles that too. Developers can propose mitigations and be notified of their approval without ever leaving Rally. Using bidirectional synchronization, Veracode2Rally copies a proposed mitigation from Rally to Veracode. If approved, the next synchronization copies a notification from Veracode back to Rally and closes the ticket!

See Veracode2Rally in action by checking out the demo.