Week 1 plan
During week 1, work with your Qwiet customer success representative for onboarding and to review Qwiet scan results for a few applications. The objective during the first few weeks is to produce a workflow configuration and automation scripts for various languages and application types that you can reuse to onboard additional applications in the subsequent weeks.
Ensure that suitable stakeholders, such as DevOps, the Active Directory administrator, or members of the AppSec team, are available to troubleshoot and sign off on the appropriate onboarding activities.
For the first few weeks, you may want to operate Qwiet in a scan-only, but synchronous, mode to analyze and produce findings without affecting your build or release cadences. This can help with the introduction of a new tool without drastically changing your existing workflow.
Training the security champions
During the first few weeks, Qwiet can help organize training and demo sessions for the identified security champions and AppSec team members to help you train the trainers, easing scalability and adoption of Qwiet preZero across all teams.
Writing automation scripts
Qwiet offers several automation scripts and Terraform modules to help you automate the deployment process. We can also provide assistance with the development of custom scripts required for a large-scale rollout.
Because automation capability varies among CI/CD platforms, we recommend creating a list of applications and the CI/CD platform with which the application is affiliated to determine the scripts you will need.
Onboarding support
Qwiet offers support during each step of the onboarding process via the agreed-upon channels, such as email, ZenDesk, or Slack. We have also attached a list of frequently asked questions to this document. You can view a full list via our knowledge base.
Week 1 tasks
Stakeholder | Activity | Completed? |
---|---|---|
DevOps | Configure the Qwiet integration with CI/CD using integration tokens, and ensure that it is working for a few applications | |
AD/IAM admin | Ensure that a select number of users are added to the Qwiet platform, can log in, and can access the UI | |
AppSec | Review the code analysis results for the initial apps that are available in the Qwiet UI | |
DevOps | Collect and share verbose logs with your Qwiet customer success representative for troubleshooting purposes (if applicable) | |
Security champions | Allocate time for onboarding training sessions, demos, or office hours with Qwiet | |
Security champions | Gather feedback and observations from teams to share internally and with Qwiet regarding the code analysis process | |
Qwiet | Organize demos, onboarding, and office hours sessions | |