iriusrisk / bdd-security

BDD Automated Security Tests for Web Applications
http://www.continuumsecurity.net/bdd-intro.html
GNU Affero General Public License v3.0

Understanding bdd-security Reports Help #101

Open danmartinj opened 5 years ago

danmartinj commented 5 years ago

Hello,

I am not sure this is an issue, and I am not sure where else to go looking for assistance, but I am trying to understand, if I start using this tool, where my traditional security-looking reports are going to be. After playing with this tool briefly I am only seeing Gherkin-style reports, or reports which look like Java-style stack traces.

I am hoping to make this as practical as possible, so I am looking for reports which show severity, remediation, etc.: reports which look like standard security reports, which I do not see. It is likely I am just missing something or not diving deep enough, but any suggestions or comments would be appreciated. Thanks in advance.

Joe

stephendv1 commented 5 years ago

Hi Joe,

BDD-Security uses Cucumber for the tests themselves and for the reports, so all the reports are Cucumber reports. If you'd like a more traditional, security-centric view, then you can import these results into our IriusRisk threat modeling platform, which is a commercial offering. The output would look something like this:

(screenshot of the IriusRisk report view omitted)

And IriusRisk can also create new tickets on issue trackers like Jira to represent the test failures:

(screenshot of the Jira ticket created by IriusRisk omitted)
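As an added example (not bdd-security's, Cucumber's or IriusRisk's own code), the script below reads a Cucumber JSON report and turns each failed scenario into a severity-tagged finding, which is the kind of security-centric view asked for above. The `@severity-<level>` tag convention and the sample report are assumptions constructed for this example; Cucumber's JSON layout (features, `elements`, `steps`, `result.status`) is standard.

```python
import json

# Constructed sample in Cucumber's JSON report layout (not real bdd-security output);
# the @severity-<level> tag convention is an assumption made for this example.
SAMPLE_REPORT = json.dumps([{
    "name": "Session management",
    "tags": [{"name": "@severity-low"}],
    "elements": [
        {"keyword": "Scenario", "name": "Session cookie has the Secure flag",
         "tags": [{"name": "@severity-high"}],
         "steps": [
             {"keyword": "Given ", "name": "a login", "result": {"status": "passed"}},
             {"keyword": "Then ", "name": "the session cookie is Secure",
              "result": {"status": "failed",
                         "error_message": "AssertionError: Secure flag missing"}}]},
        {"keyword": "Scenario", "name": "Session cookie is HttpOnly",
         "steps": [
             {"keyword": "Then ", "name": "the session cookie is HttpOnly",
              "result": {"status": "passed"}}]},
    ],
}])

def severity_of(tags):
    """Read the severity from an assumed @severity-<level> tag; default to 'info'."""
    for tag in tags:
        name = tag.get("name", "")
        if name.startswith("@severity-"):
            return name[len("@severity-"):]
    return "info"

def findings_from_cucumber_json(report_text):
    """Turn each failed Cucumber scenario into a security-style finding dict.
    Scenario tags are checked before feature-level tags."""
    findings = []
    for feature in json.loads(report_text):
        for scenario in feature.get("elements", []):
            failed = [s for s in scenario.get("steps", [])
                      if s.get("result", {}).get("status") == "failed"]
            if not failed:
                continue  # passed or skipped scenarios are not findings
            findings.append({
                "feature": feature["name"],
                "scenario": scenario["name"],
                "severity": severity_of(scenario.get("tags", []) + feature.get("tags", [])),
                "failed_step": failed[0]["keyword"].strip() + " " + failed[0]["name"],
                "evidence": failed[0]["result"].get("error_message", ""),
            })
    return findings
```

Point it at the `cucumber.json` your run produces instead of `SAMPLE_REPORT` to get a findings list you can sort by severity or feed into a ticketing system.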