Developer Guide
Objective
Ship features with security built into day-to-day development, reducing rework and fixing issues early in the lifecycle.
Main responsibilities
- Follow secure coding practices in feature implementation.
- Validate code changes with security checks before merge.
- Fix vulnerabilities with clear prioritization and ownership.
- Keep requirements and evidence updated during remediation.
Follow-up routine
- Run security checks on feature branches.
- Review newly assigned vulnerabilities.
- Prioritize fixes by severity and exploitability.
- Validate remediation with retest or new scan execution.
- Keep issue tracker tickets synchronized with fix status.
- Update implementation notes for recurring findings.
- Escalate blockers that depend on architecture or platform teams.
- Share lessons learned with the squad.
Core workflows in Conviso
- Run and review security scans: Scanning your Application (Conviso AST)
- Remediation tracking: Vulnerabilities
- Project context and ownership: Projects
- Secure requirements and validation flow: Requirements
Defect tracker integration
Integrate Conviso Platform with your issue management tool using Defect/Bug Tracking integrations to synchronize and manage vulnerabilities in your team workflow.
Automation with CLI and API
Use New CLI and API to automate security checks, standardize command execution in pipelines, and reduce manual remediation overhead.
Management and collaboration tool
- Notifications for assigned issues, status changes, and follow-up actions: Notifications Center
Recommended KPIs
- Time to first fix after vulnerability assignment.
- Reopen rate after remediation.
- Vulnerability backlog by severity in the squad.
- Security check pass rate in pull requests.
Playbooks
Critical vulnerability blocks release
- Confirm exploitability and affected scope.
- Apply the mitigation or fix and open a pull request with context.
- Request fast retest and status update.
- Document root cause and prevention action.
Recurring vulnerability pattern in multiple repos
- Identify the common coding pattern causing the issue.
- Propose reusable fix guidance or shared component change.
- Apply fix in priority repositories first.
- Validate reduction trend in the next scan cycle.
Resources
By exploring our content, you'll find resources that will enhance your understanding of the importance of an Application Security Program.
Conviso Blog: Explore our blog, which offers a collection of articles and posts covering a wide range of AppSec topics. The content on the blog is primarily in English.
Conviso's YouTube Channel: Access a wealth of informative videos covering various topics related to AppSec. Please note that the content is primarily in Portuguese.