CASE STUDY

Veracode: Platform Integration

Integrate a collection of software developer tools with their flagship security flaw scanning product.

Role: Lead UX designer

Designed for

01 –

Understanding the problem

Veracode has a flagship product called “Platform” that scans software applications for security vulnerabilities and reports on them. In order to stay dominant in the marketplace with new competitors entering the industry regularly, we decided to more tightly integrate our applications into our customers’ chosen development tools.

One of the challenges was that there were over one hundred different applications customers were using to create and maintain their custom software code. Another hurdle was making the integration process so simple and intuitive that users could fine-tune their integration settings without having to read extensive documentation every time.

CONSTRAINTS

Rolling out integration capabilities for new applications on a monthly basis.

Creating UIs that are intuitive enough that users can pick up how to configure them after not having used them for months.

PROJECT TIMELINE

An ongoing project started in 2016 with new applications added to the integrations collection on a monthly basis.

02 –

Taking The Right Approach

Create a way for users to access API hooks that all the integrations could tie into, including security validation.

Integrations code pipeline flow diagram

SaaS application landing page redesign

Create a list of the types of software applications that would benefit the most from such an integration.

One-on-one interviews with clients

Industry research to see which IDEs (integrated development environments) were the most popular and easiest to work with.

Start with integrating the application scanning into IDEs

We found IDE programming experts on IDE forums and hired those qualified as consultants to better understand what the UI limitations are in custom IDE plugins.

After looking over the research and talking with the team we decided to work on the Eclipse plugin first, then IntelliJ, and finally Visual Studio Code.

Wireframes were created using Sketch and were brought through design review with the UX team.

Refined designs were shown to four clients who answered a collection of questions in three categories: their persona, how they do their jobs with IDEs, and general feedback on their current flaw-finding process and the new designs shown.

Clients were asked how they would rate the designs on a scale of 1-10 and what would make it a 10.

We worked closely with developers to make sure the quality of the designs was maintained in the finished product.

IDE plugin UI elements for Greenlight

Flow diagram for the automatic creation of Jira tickets from flaw scans

Jira plugin integration settings

Move on to integrating with bug tracking tools like Jira.

We worked with the project managers to define what functionality should be in the Jira plugin.

Elaborate workflow diagrams were created that spelled out how any software flaws that were discovered would be classified and categorized in Jira, while allowing users the ability to configure a wide variety of ways the flaws could be imported and assigned.

UI designs were created and brought through peer design review with the UX team.

Key stakeholders, including the tech lead and the product manager of the project, signed off on the design.

Designs were handed off to development.

Reassess customers' needs, and continue adding new tools and UIs.

Industry research was continued into the new and up-and-coming tools that developers were using, and plans were made to integrate Platform into those tools as well.

Resulting automatically generated Jira ticket

03 –

Final Results

The first release of the integrations tools was a huge success. In their first year in the marketplace they were the fastest-growing products by revenue the company had ever released. They were also given a major mention in the company’s annual meetings with shareholders and within the company’s yearly conference.

The project is still ongoing and is a fundamental part of Veracode’s continued dominance in the application security sector.

I have applied for two patents based on my research, and one was formally submitted to the patent office. The first was for a code merge gate that would scan any code that was different from the trunk for security flaws before merge. The second proposal was for scanning applications while they were running, and comparing the results from the last time a different version of the code ran.
