BETA USER MANUAL - Software Assurance Marketplace
Contents
1. Who Uses the Why Use the How to Use the AMP SWAMP SWAMP Help forgot my pass j Read More Read More Read More Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research K SWAMP Version 20131022 Page 10 of 60 Update Your SWAMP Account 1 Log in to the SWAMP 2 From the Home screen click My Account to make changes to your account such as editing your profile Click Edit Profile SWAMP PROJECTS OWN Lean in Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool My Profile Given name Family name Preferred name Affiliation Email address SWAMP username Street address 1 Street address 2 City State Postal code Country Country code Area code Phone number swamp1999 lt Sign Out Sheryl PERSONAL INFO Sandberg Sheryl Morgridge Institute for Research jhurd morgridgeinstitute org ACCOUNT INFO swamp 999 330 N Orchard St ADDRESS Madison WI 53715 United States 608 PHONE 316 4705 Z Edit profile ti Delete Account x Cancel Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research ie SWAMP Version 20131022 Page 11 of 60 3 On the Edit My Profile screen make the desired changes and click Submit SWAMP Edit My Profile Given name Family name Preferred name PROJECTS OWN Affiliation Lean in Email address2. PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research SWAMP 5 You will receive a prompt asking you to confirm the deletion Click OK to delete or Cancel Version 20131022 Page 58 of 60 Assessment Tool Sharing Private Public or Protected You can share your Assessment Tools in one of three modes e Private e Public e Protected Navigate to the Tool Profile screen and click Sharing SWAMP swamp1999 lt Sign Out oW CIEE i Versions Mem rity CWE_Inspectors Tool Profile Tool name CWE_Inspectors ft Home Owner Sheryl Sandberg amp My account Creation date Friday October 18 2013 PROJECTS OWN s Edit Tool m Delete Tool fm Lean In Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Private Only the Owner can use private Assessment Tools Public Every SWAMP User can use public Assessment Tools Protected The Project Owner can choose to share the Tool with Members of Projects to which the Owner belongs Version 20131022 Page 59 of 60 Protected Assessment Tools 1 To share a protected Tool with the Protected radio button selected click a box to select Projects with which you wish to share your Assessment Too
3. OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Version 20131022 Page 14 of 60 2 On the My Profile screen click Delete Account SWAMP My Profile swamp1999 lt Sign Out Given name Sheryl PERSONAL INFO Family name Sandberg Preferred name Sheryl Affiliation Morgridge Institute for Research Email address jhurd morgridgeinstitute org ACCOUNT INFO PROJECTS OWN SWAMP username swamp 1999 S Lean In Street address 1 330 N Orchard St ADDRESS Street address 2 Add new project City E PACKAGES OWN state hii d LoanToo Postal code 53715 Country United States Add new package Country code 608 PHONE Area code 316 eee ee Phone number 4705 CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research ee SWAMP 3 You will receive a prompt asking you to confirm the deletion Click OK to delete or Cancel to cancel your request Version 20131022 Page 15 of 60 Request a New Project Users must request approval for their SWAMP Projects Follow the steps below to request a Project Once approved you may invite others to join your Project Project Members can create Assessment Runs schedule Run Requests and view Assessment Results 1 On the Project Request screen click Add New Project swamp1999 lt Sign Out Project Regis
4. SOFTWARE ASSURANCE MARKETPLACE BETA USER MANUAL continuousassurance org 317 274 3942 Twitter swampteam Technical Support The SWAMP offers 24 7 support 365 days a year Following is contact information for the SWAMP Dial 317 274 3942 24 7 365 Email support continuousassurance org MECC Al SUD DON inania a a a 1 Preface crinis a E a aa 3 GIOS Sa agit ode a catee eee ower arena 3 Introduction to the Software Assurance Marketplace cccsseeseeeeeeeees 4 PACCOSS the SWAMP cerinte seat sett a 5 Register withthe SWAMP craniana aaiae sei aa a a 5 Password ReguirementsS saccdsccaceccecccctnsciees saccxespeusesncapceveseccdsceecentczscacaucecencceascems apaa aiaa Na EE AaB pasin 6 F rcotten PASS WORG 7 seisicesiscanszecacasassecssecsasaisatvalsvvisetautsseesdis ins dassdaiasdsvaeuesactinedaisdcdainndisinetnatertanseins 8 Sign in to the SVVAIMIP snccce desc nc doce nice ee hes occa aoe ae ae ender es eee eee 10 Update Your SWAMP ACCOUNK wssvisesccasssensseiscatseeisdanipeniacasvisasstugsvustiuiesatvacnicaaacaiieveenstmenunnuans 11 Change Your Pass w On Gi sissssisscvicscaiseiinccsnviciccdansicatestunsancuauedsdoussisanviccduecasbeivadeacsitdactvaenssiasnenieadeas 13 Delete Your SWAMP ACCOUN oein 14 R g est a New Project iioii ciro aiaiai iaaa aaa ara a aaa aa Earne aaa ai 16 Invite Members to Your Project ign ses cei a ee a 21 Manage Assessment RUIG c cccecceeeceeeeeeeeeeeeneseeeceeeceeeenesenssenso
5. eU EIES i Versions Sharing LeanToo Package Profile Package name LeanToo ft Home Owner Sheryl Sandberg My account 2 My Friday October 18 2013 PROJECTS OWN Edit Package i Delete Package Lean In Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Version 20131022 Page 43 of 60 3 From this screen you can change the name of the Software Package Type the revised name of the Software Package and click Save swamp1999 lt Sign Out eR EIEE i Versions Sharing Edit LeanToo Package Profile ft Home 2 My account x Cancel Fields are required PROJECTS OWN Lean In Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP 4 You will receive confirmation of the change Package Profile Updated x The package profile of LeanToo Contact Manager has been successfully updated Version 20131022 Page 44 of 60 Add Update or Delete a Software Package Version View or Add a Version of a Software Package From the Versions tab you can view your Software Package or add a new version of your Software Package 1 Click the Versions tab and then click Add Versio
6. Cf Results Lean In Project Invitations The following SWAMP users have previously been invited to project Lean In Networking software Invitation Date Status John Hurd jhurd morgridgeinstitute org 9 29 13 Pending Johnny Hurd jhurd continuousassurance org 9 29 13 Pending No new project invitations Add invitation m Send x Cancel Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Version 20131022 Page 23 of 60 7 Type the name and email of the person you are inviting 8 Continue to Add invitations for any others for whom you want to join your Project 9 Click Send swamp1999 lt Sign Out Q Details Assessments Run Requests Runs Results Lean In Project Invitations The following SWAMP users have previously been invited to project Lean In Networking software ft Home 2 My account Name Email Invitation Date Status John Hurd jhurd morgridgeinstitute org 9 29 13 Pending PROJECTS OWN Johnny Hurd jhurd continuousassurance org 9 29 13 Pending PACKAGES OWN Lauren Steinbeck lsteinbeck morgridgeinstitute org 3 LeanToo Add invitation m Send Cancel Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research i SWAMP Version 20131022 Page 24 of 60 10 You will receive a notification that invitations have successfully been sent to all new pe
7. allowed to use the SWAMP Freely available email accounts are prohibited for example Gmail Hotmail and Yahoo e For the SWAMP Username field the system generates an anonymous username to protect the user s identity The user can change the default username The username may be recorded in log files e For the Phone Number field the country code will be inserted when the user selects country Type the area code and the local number Password Requirements A strong password is required for access to the SWAMP Following are the minimum acceptable password requirements e Atleast ten characters e Atleast one upper case alphabetic character e Atleast one lower case alphabetic character e Atleast one digit e Symbols are encouraged e Do not use words found in the dictionary Version 20131022 Page 6 of 60 e The maximum password length is 200 characters 2 On the User Registration Form type the requested information and click Submit User Registration Form family same Sndeg jO Confirm email address ssandberg morgirdgeinstituteorg ee Strong Confirm SWAMP password ee Jo Street Address 1 30 North Orchard Stree J Street Address 2 chy e Madson JO sate we Postal code sa7is_ JO Country United States hd SWAMP password Country code Area code 7 Phone number 316 9999 7 Submit x Cancel Copyright 201 3 Software Assurance Marketplace Morgr
8. command The command used to uncompress the software Package Description public Describes the Software Package to those who have access to it Description private Private description and comments for the Owner of the Software Package 3 Click Submit to upload your Software Package You will receive a notification once the upload is complete Version 20131022 Page 40 of 60 swamp1999 lt Sign Out Add New Package namot mro jO File Choose File LeanTO0_4 0 1_MacX86_OSX dmg ft Home 2 My account version s01 dD PROJECTS OWN Source path se JO Lean In Build output path bin JO Deployment command open Build command make JO Description public LeanToo is a professional networking utility to manage contacts Add new project Add new package O Description private Open source version of Linkedin Fields are required Version 20131022 Page 41 of 60 Edit a Software Package 1 From the Home screen select a Software Package to edit SWAMP swamp1999 lt Sign Out Recent Events 2 My account PROJECTS OWN Lean In Add new project PACKAGES OWN TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research ie SWAMP Version 20131022 Page 42 of 60 2 On the Package Profile screen click Edit Package SWAMP swamp1999 lt Sign Out
9. 0 2 On the Define Run Request Schedule screen type a name for your schedule For example Tuesdays at 8 a m 3 Type a description For example Run the assessment every Tuesday at 8 a m 4 Click Add Request SWAMP swamp1999 lt Sign Out Q Details 2 Members Assessments Runs Results Add Lean In Run Request Schedule a Name Tuesdays at 8 a m ome Run the Assessment every Tuesday at 8 a m PROJECTS OWN Run Requests Fields are required Add new project Add request v Gave x Cancel PACKAGES OWN 2 My account Description LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Version 20131022 Page 32 of 60 5 In the Type dropdown select Daily Weekly or Monthly e For Daily runs select the time e For Weekly runs select the day and time e For Monthly runs select the date and time 6 Add additional run times to your Run Request schedule swamp1999 lt Sign Out Q Details 2Members Assessments Runs Results Add Lean In Run Request Schedule a Name Tuesdays at 8 a m o ome amp My account Description Run the Assessment every Tuesday at 8 a m G PROJECTS OWN Run Requests Fields are required Type Day Time Add new project Y Daily s j o c x PACKAGES OWN Weekly Monthly LeanToo A
10. 9 lt Sign Out Q Details 2 Versions Bemis LeanToo Package Sharing Private ft Home This package is private and can only be seen by the package owner 2 My account Public This package is public and may be seen by any SWAMP user PROJECTS OWN gt Protected This package is shared with members of the following projects Add new project Name Affiliation Lean In Lean In Networking software Morgridge Institute of Research PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research ee SWAMP Private Only the Owner can see private Software Packages Public Every SWAMP user can see public Software Packages Protected The Project Owner can choose to share the Software Package with Members of a Project team to which the Owner belongs Shared Projects 3 With the Protected radio button selected click the check boxes to select Projects with which you wish to share your Software Package 4 Click Save Version 20131022 Page 49 of 60 Protected This package js shared with members of the following projects Name Affiliation Lean In Networking software Morgridge Institute of Research Assessment Tool Management SWAMP users may upload Assessment Tools and then edit and delete the Assessment Tools if needed Add Change and Delete Assessment Tools 1 From left pane o
11. Add new project Confirm email address PACKAGES OWN LeanToo Street Address 1 Add new package Street Address 2 i A TOOLS OWN City CWE_Inspectors State Add new tool Paniai sede Country Country code Area code Phone number swamp1999 lt Sign Out PERSONAL INFO Sheryl Sandberg Sheryl Morgridge Institute for Research jhurd morgridgeinstitute org an jhurd morgridgeinstitute org ADDRESS 330 N Orchard St Madison WI 53715 United States 608 PHONE 316 4705 Change Password x Cancel Fields are required Version 20131022 Page 12 of 60 Change Your Password 1 To select a new password click Change Password 2 See Password Requirements on page 6 for more information about creating a strong password 3 Type the new password and click Submit SWAMP swamp1999 lt Sign Out Change My Password New password Confirm new password v Submit x Cancel Fields are required PROJECTS OWN Lean In Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research 2 SWAMP Version 20131022 Page 13 of 60 Delete Your SWAMP Account 1 To delete your SWAMP account from any screen click My Account SWAMP swamp1999 lt Sign Out Recent Events Lean In Add new project PACKAGES
12. MP SWAMP Password The Software Assurance Marketplace SWVAMP is a national marketplace that provides continuous software assurance capabilities to researchers and developers Let the SWAMP help you to build better safer more secure code Who uses the Why use the How to use the SWAMP SWAMP SWAMP Help forgot my password Read More Read More Read More Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research ie SWAMP Reset Password x Please enter your SWAMP username or email address below By clicking the reset password button your password will be reset and an email will be sent to your account s email address containing your new password When you receive this email please log in and reset your password SWAMP Username Email Address Reset Password x Cancel Version 20131022 Page 9 of 60 Sign in to the SWAMP At the Welcome to the SWAMP screen sign in If you are not yet a registered user of the SWAMP you must first register If you are registered log in with your username and password to access the SWAMP dashboard SOFTWARE ASSURANCE MARKETPLACE Welcome to the SWAMP SWAMP Username I S SWAMP Password What is the SWAMP The Software Assurance Marketplace SWVAMP is a national marketplace that provides continuous software assurance capabilities to researchers and developers Let the SWAMP help you to build better safer more secure code wae inom or z Sign Up
13. P y Project Gamma Rejected Tuesday October 22 2013 PROJECTS OWN Project Gamma Wave was rejected by a SWAMP administrator Z Lean in Project Gamma Submitted Monday October 21 2013 PENDING PROJECTS i Project Gamma Wave was submitted for approval fm Kat Add new project Project Lean In Approved Monday September 30 2013 Project Lean In Networking software was approved by a SWAMP administrator PACKAGES OWN LeanToo r Project Lean In Submitted Sunday September 29 2013 Add new package Project Lean In Networking software was submitted for approval TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research g SWAMP Version 20131022 Page 20 of 60 Invite Members to Your Project Project Owners may invite others to join to their Project Project Members are able to create Assessment Runs schedule Run Request and view Assessment Results A Project Owner is automatically a Project Member 1 The Home screen lists your project under PROJECTS OWN 2 Select a Project you own 3 Click the Members tab swamp1999 lt Sign Out Q Details Assessments Run Requests Runs Results Lean In Project Profile Project full name Lean In Networking software ft Home Project short name alias Lean In My a n My account Owner Sheryl Sandberg Affiliation Morgridge Institute of Research PROJECTS OWN Creation date S
14. TFD 135 TCC 0 003952569 169960474 Private field m forward could be made final it is only initialized in the declaration or constructor Private field m_reverse could be made final it is only initialized in the declaration or constructor Private field m coarse could be made final it is only initialized in the declaration or constructor Private field m fine could be made final it is only initialized in the declaration or constructor Private field m_log could be made final it is only initialized in the declaration or constructor When instantiating a SimpleDateFormat object specify a Locale VWihan inctantintina n CimnlaNatabnemat ahiant onanifir n T annla Add Your Software Package to the SWAMP You may add and upload edit or delete your Software Packages Upload a Software Package 1 To add your own Software Package click Add New Package SWAMP swamp1999 lt Sign Out Recent Events 2 My account PROJECTS OWN Lean In Add new project 2 Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research K SWAMP 2 Complete the fields on the form Version 20131022 Page 39 of 60 Name Name of the Software Package File File to upload to SWAMP Version Revision of the uploaded software Source path The path to build specification file to build the software Package Build output path The location of the executable software after it s built Deployment
15. account Version Description 1 0 A contact manager for professional networking 10 18 18 PROJECTS OWN Lean In Add Version Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Version 20131022 Page 46 of 60 2 You will receive a prompt asking you to confirm the deletion Click OK to delete or Cancel Delete Package Version x Are you sure that you want to delete version 1 0 of LeanToo Contact Manager Ok Cancel Version 20131022 Page 47 of 60 Software Package Sharing Private Public or Protected 1 Navigate to the Package Profile screen Click Sharing swamp1999 lt Sign Out eR Elita i Version Sharing LeanToo Package Profile Package name LeanToo ft Home Owner Sheryl Sandberg amp My account Creation date Friday October 18 2013 PROJECTS OWN vey Edit Package ti Delete Package Lean In Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research K SWAMP 2 The Package Sharing screen appears Package Sharing Screen Options You can share your Software Packages in one of three modes e Private e Public e Protected Version 20131022 Page 48 of 60 swamp199
16. are Assurance Marketplace Morgridge Institute for Research 4 SWAMP Version 20131022 Page 37 of 60 5 To view the Execution Record of the Assessment Run from the Runs tab under the Status field click Done MI lt Sign Out Q Details 2 Members Assessments Run Requests amp Results Zeus Assessment Runs The following assessment runs are currently available for project ZeusyDoodie ft Home 2 My account Date Time Package Tool Platform Status Pegasus PMD Red Hat Enterprise Linux 2013 09 29 7 29 04 PROJECTS OWN 4 2 2 5 0 4 RHEL6 4 64 bit Add new project Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research y SWAMP 6 When an Assessment Run is done click the Results tab to view the Assessment Results MJ lt Siga Out Q Details Members Assessments Run Requests Runs Zeus Assessment Results The following assessment results are currently available for project ZeusyDoodie ft Home 2 My account Date Time Package 2013 09 29 17 29 41 Pegasus 4 2 2 PMD 5 04 Red Hat Enterprise Linux RHEL64 64 bit View PROJECTS OWN Add new project Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research a SWAMP Version 20131022 Page 38 of 60 7 Under the Details column click View to see the results PMD 5 0 4 Report 2013 09 29 17 28 42 Summary Description Possible God class C 283 A
17. dd request wv Save x Cancel Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research i SWAMP Version 20131022 Page 33 of 60 7 Click Save Run Requests Fields are required Type Time ve s voran o Add request wv Save Cancel 1 You will receive a confirmation message Click OK Notification This run request schedule has been saved Version 20131022 Page 34 of 60 2 View your scheduled runs on the Run Request Schedules screen SWAMP swamp1999 lt Sign Out Q Details 2 Members Assessments HOR UIE CIC Ca Runs CG Results Lean In Run Request Schedules The following schedules are available to project Lean In Networking software Name Description One time Run once as soon as possible ft Home 2 My account PROJECTS OWN Mondays at 8 a m Run the assessment every Monday at 8 a m Tuesdays at 8 a m Run the Assessment every Tuesday at 8 a m x Add schedule Add new project PACKAGES OWN x Cancel LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research K SWAMP Version 20131022 Page 35 of 60 Delete a Scheduled Run Request 1 To delete a scheduled Run Request click the check box to the right of the run swamp1999 lt Sign Out Q Details 2Memb
18. er Sheryl Sandberg count i 2 My ac Creation date Friday October 18 2013 PROJECTS OWN y a A Edit Tool m Delete Tool fm Lean In Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspector Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research a SWAMP Version 20131022 Page 52 of 60 2 On the Tool Profile screen click Edit Tool 3 From this screen you can change the name of the Assessment Tool Type the name of the Assessment Tool and click Save SWAMP swamp1999 lt Sign Out Versions Sharing Edit CWE_Inspector Tool Profile Name CWE_Inspectors ft Home 2 My account v Save Cancel Fields are required PROJECTS OWN Lean In Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspector Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research os SWAMP 4 You will receive confirmation of the change Click OK Tool Profile Updated The tool profile of CWE_Inspectors has been successfully updated Version 20131022 Page 53 of 60 Add Update or Delete an Assessment Tool Version View or Add a Version of an Assessment Tool From the Tool Profile screen you can view your Assessment Tool or add a new version of your Assessment Tool 1 Click Versions swamp1999 lt Sign Out Q Detail CWE_Inspectors Tool Prof
19. ers Assessments BCR UIE CHIT Ta Runs GC Results Lean In Run Request Schedules The following schedules are available to project Lean In Networking software ft Home 2 My account Name Description One time Run once as soon as possible PROJECTS OWN Mondays at 8 a m Run the assessment every Monday at 8 a m x Tuesdays at 8 a m Run the Assessment every Tuesday at 8 a m Add new project PACKAGES OWN Add schedule x Cancel LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP 2 You will be asked to confirm the deletion Click OK to delete or Cancel to cancel your request Version 20131022 Page 36 of 60 3 The Assessment Run Requests screen reflects your requested schedule To view a description of the scheduled time hover over the name of the schedule Or click the name of the Run Request to edit the Run Request 4 Click the Runs tab to view the status of an Assessment Run MJ lt Siga Out Q Details Members Assessments Run Reque z Results Zeus Assessment Runs The following assessment runs are currently available for project ZeusyDoodie ft Home 2 My account Date Time Package Platform Pegasus PMD Red Hat Enterprise Linux 2013 09 29 17 29 04 D PROJECTS OWN 4 2 2 5 0 4 RHEL6 4 64 bit R Add new project Copyright 2013 Softw
20. escription and comments for the Owner of the Assessment Tool swamp1999 lt Sign Out Add New Tool Name CWE_Inspectors File Choose File No file chosen ft Home 2 My account Version PROJECTS OWN Tool path fm Lean In Deployment command Add new project Invocation command PACKAGES OWN LeanToo Description public Add new package TOOLS OWN CWE_Inspectors Add new tool Description private v Submit x Cancel Fields are required Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Version 20131022 Page 56 of 60 Delete a Tool From the left pane on any screen under TOOLS I OWN click to select an Assessment Tool to delete lt Sign Out SWAMP swamp1999 Recent Events 2 My account PROJECTS OWN Lean In Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Version 20131022 Page 57 of 60 4 On the Tool Profile screen click Delete Tool SWAMP swamp1999 lt Sign Out i Versions Sharing CWE_Inspectors Tool Profile Tool name CWE_Inspectors ft Home Owner Sheryl Sandberg My accoun i My account Creation date Friday October 18 2013 PROJECTS OWN Edit Too Delete Tool Lean in Add new project
21. h amp SWAMP 3 You will receive a confirmation message Click OK Version 20131022 Page 26 of 60 Delete an Assessment Run 1 To delete an Assessment Run navigate to the Assessments screen Click the X to the right of the Assessment Run you wish to delete SWAMP swamp1999 lt Sign Out Q Details 2 Members Run Requests Runs Results Lean In Assessments The following assessments are currently defined for project Lean In Networking software ft Home 2 My account Package Tool Platform Findbugs latest Ubuntu Linux 12 04 LTS Lucid Lynx 64 bit PROJECTS OWN Add Assessment Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research a SWAMP 2 Click OK to confirm that you wish to delete the Assessment Run Are you sure that you want to delete this assessment of Test Package using Findbugs on Ubuntu Linux Ok x Cancel Version 20131022 Page 27 of 60 3 You will receive a confirmation that the Assessment Run has been deleted Click OK Notification This assessment has been successfully deleted Schedule a Run Request 1 Click the Run Request tab and click Add Run Requests swamp1999 lt Sign Out Q Details 2 Members Assessments Runs Results Lean In Assessment Run Requests The following assessment run re
22. idge Institute for Research K SWAMP Fields are required Version 20131022 Page 7 of 60 3 You will receive an email confirmation Click OK Email Address Verification Your account was successfully created However we need to verify your email address ssandberg morgridgeinstitute org Please check your inbox and follow the link in the email that we sent you wv Ok Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP 4 You will receive a verification email Within the email follow the instructions to verify your email address Email Verification no reply cosalab org To Sheryl Thank you for registering at the SWAMP site Please click here to verify your email address and get started using the site lf you did not register at the SWAMP site please disregard this message 5 You have now completed the registration process for the SWAMP Forgotten Password If you have forgotten your login information navigate to the Welcome to the SWAMP screen and click Help I forgot my password Please enter your SWAMP User Name or Email Address and click Reset Password An email will be sent to the email address associated with your SWAMP account containing Version 20131022 Page 8 of 60 your new password Once you receive this email please sign in and reset your password SWAMP SOFTWARE ASSURANCE MARKETPLACE Welcome to the SWAMP SWAMP Username What is the SWA
23. ile Tool name CWE_Inspectors ft Home Owner Sheryl Sandberg My account Creation date Friday October 18 2013 PROJECTS OWN r Edit Tool m Delete Tool fm Lean In Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Version 20131022 Page 54 of 60 2 On the Tool Versions screen click Add Version SWAMP swamp1999 lt Sign Out Q Details Sharing CWE_Inspectors Tool Versions The following versions of this software tool are available ft Home 2 My account Version Description Date 5 0 5 Finds common weaknesses in your Java code 10 18 13 o Add Version PROJECTS OWN Lean in Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research ie SWAMP Version 20131022 Page 55 of 60 3 On the Add New Tool screen complete the fields on the form Name Name of the Assessment Tool File File to upload to SWAMP Version Revision of the uploaded Assessment Tool Tool path The path to invoke the Assessment Tool Deployment command The command to install the Assessment Tool Description public Describes the Assessment Tool to those who have access to it Description private Private d
24. itute for Research 2 SWAMP Copyright 2013 Software Assurance Version 20131022 Page 17 of 60 4 The Project Request Submitted confirmation message appears Click OK Project Request Submitted xX Your request for a new project has been submitted but it still needs to be reviewed by SWAMP staff We will notify you via email once a decision has been reached 5 Upon approval you will receive a notification email The project vetting process may take up to 2 business days depending on the SWAMP staffs ability to contact the person requesting the project However we aim to process Project Requests quicker d l Find Someone SWAMP Project Lean In Networking software Accepted no reply cosalab org a A To sunday Septemd Sheryl Your project has been accepted on the SWAMP site 6 If your Project Request is rejected you will receive an email notification Note To contact the SWAMP regarding rejected projects go to http continuousassurance org contact fill out the form and send a message Version 20131022 Page 18 of 60 SWAMP Project Gamma Wave Denied no reply cosalab org To Your project has been denied on the SWAMP site Version 20131022 Page 19 of 60 7 The Recent Events screen will display the status of Project requests swamp1999 lt Sign Out Recent Events Project Kat Submitted Tuesday October 22 2013 Project Swamp Kat was submitted for approval 2 My account
25. l 2 Click Save SWAMP swamp1999 lt Sign Out Q Details i Versions CWE_Inspectors Tool Sharing Private ft Home This tool is private and can only be seen by the tool owner 2 My account O Public This tool is public and may be seen by any SWAMP user PROJECTS OWN Protected Lean In This tool is shared with members of the following projects Add new project Affiliation Biervorking software Morgridge Institute of Research PACKAGES OWN LeanToo Cancel Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research ie SWAMP Version 20131022 Page 60 of 60
26. n swamp1999 lt Sign Out Q Details Sharing LeanToo Package Versions The following versions of this software package are available ft Home 2 My account Version Description Date 1 0 A contact manager for professional networking 10 18 13 3 PROJECTS OWN Lean In Add Version Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research ee SWAMP 2 From the Add New Version screen complete the fields on the form Name Name of the Software Package File File to upload to SWAMP Version Revision of the uploaded software Source path The path to the build specification file for the source code Build output path The location of the executable software after its built Version 20131022 Page 45 of 60 Deployment command The command used to invoke the executable Description public Describes the Software Package to those who have access to it Description private Private description and comments for the Owner of the Software Package Delete a Software Package 1 To delete a Software Package navigate to the Package Versions screen Click the X next to the version you wish to delete swamp1999 lt Sign Out Q Details Sharing LeanToo Package Versions The following versions of this software package are available ft Home 2 My
27. n any screen click Add New Tool 2 Complete the fields on the form Name Name of the Assessment Tool File File to upload to SWAMP Version Revision of the uploaded Assessment Tool Tool path The path to the Assessment Tool executable Deployment command The command used to install the Assessment Tool Description public Describes the Assessment Tool to those who have access to it Description private Private description and comments for the Owner of the Assessment Tool 3 Click Submit to upload your Assessment Tool You will receive a notification once the upload is complete Version 20131022 Page 50 of 60 swamp1999 lt Sign Out Add New Tool Name File Choose File no file selected ft Home 2 My account Version PROJECTS OWN Tool path PATHS Z Lean in Deployment command aaa Add new project Invocation command Add new package COMMENTS Description public Add new tool Description private v Submit x Cancel Fields are required Version 20131022 Page 51 of 60 Edit an Assessment Tool If you need to rename an Assessment Tool you may do so here If the name of an Assessment Tool is misspelled or to accommodate a new brand name you can change its spelling 1 From the left pane of any screen select an Assessment Tool to edit SWAMP swamp1999 lt Sign Out OWCE i Versions Sharing CWE_Inspector Tool Profile Tool name CWE_Inspector ft Home Own
28. neseneseneaeenes 25 AGG ati Assessment RUM sists cases gases eoccesia aaa cae ees ect eces 25 Delete an Assessment RUM ricis ee nireak iaae aaiae Aaaa Ees Ea Aaaa E rE DEERE AAEE 27 Schedul a R n Reg tst ssn a a a N 28 Run Request Scheduling Options cccceseceeeceeeeeneeneeeeeeeneeenseeeseneseneseeees 29 One ume RUMS ainmin a a a 29 Adda New R n Request ssriseninnna aaa aee Saa aaa 31 Delete a Scheduled Run Request snssnunununnnnsnunsannnunnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnmnnn ananman mnnn nnna nannan 36 Add Your Software Package to the SWAMP ccccccsseeseeeeeeeeeeeeeneneneees 39 Upload a Software Package saves ivscindvasvsninesancausasassbeibetndiasuvuscsuvsncsnsdssarcavesessbss ssuasteuiisninedudeuiantins 39 Edita SoftWare Packapo spei a aAa E 42 Add Update or Delete a Software Package Version cccssesseeeseeeeneees 45 View or Add a Version Of a Software Package sssssssussusssusnunnunnnnnunnnunnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnna 45 Delete a Software Packag esmais e e aa aaa aaa aaa ai 46 Software Package Sharing Private Public or Protected c0s008 48 Package Sharine Screen O Pun rmecninoni a aa 48 Shared ProjeCiS rriren occv eae te sac vce E accensendecttecnacwesit eststeieanstaeecatoeaveses 49 Assessment Tool Management ccccceeeeeeeeeeeeeeeeeeeneeeeeeseeneeeeneeeeneseeneaeeeeans 50 Add Change and Delete Assessment Tools ssssssssssuusunnnunnunnnunnunnnnnunn
29. nnnnunnnnnnnnnnnnnnnnnnnnnnnnnnnn nnne 50 Edi an Assessment TF OOM scsi abhi isc Ear Seiten cic aa E raaa 52 Add Update or Delete an Assessment Tool Version csccceeeeeeeeeeeeeeees 54 View or Add a Version Of an Assessment TOO ssssssssnssunnnunnnunnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 54 Delete a TOON iie EE 57 Assessment Tool Sharing Private Public or Protected cccsseeeeees 59 Protected Assessment TOONS anirai aS ee aaa aaaeaii aa 60 Version 20131022 Page 2 of 60 Preface This document guides selected persons to use the Software Assurance Marketplace SWAMP during the beta test phase The SWAMP is state of the art software designed to serve as an open resource for software developers assurance tool developers and researchers who wish to perform continuous assurance CSWA testing in a safe secure environment The SWAMP is funded by the Department of Homeland Security and directed by academic experts in identity management cybersecurity and high throughput computing The SWAMP s mission is to improve the safety and quality of our software ecosystem by creating access to assurance tools and testing and reporting Glossary Assessment Run Specifies one Tool to assess one Software Package on one operating system Platform Assessment Tool An Assessment Tool analyzes a Software Package to find weaknesses that could lead to security vulnerabilities One person owns an Assessment Tool C
30. ontinuous Software Assurance A process that affirms software functions as intended free from vulnerabilities intentionally or unintentionally inserted into the code This is achieved through continuous assessments Execution Record Displays statistics about the scheduled Assessment Run Member See Project Member Owner A User who owns a Project Assessment Tool and or Software Package Platform The operating system environment in which an Assessment Run occurs Project A group of people working together for a common purpose for example to create better assessment tools and or to mitigate weaknesses in Software Packages Project Member A person who has accepted an invitation to join a SWAMP project Project Members are able to create Assessment Runs schedule Run Request and view Assessment Results Version 20131022 Page 3 of 60 Run Request A request to execute one or more Assessment Runs as soon as possible after the requested time Project Members can schedule Run Requests to occur daily weekly or monthly Members can schedule Run Requests that are a combination of daily weekly or monthly times Software Package A software component or system used by others User A person granted permission to belong to the Software Assurance Marketplace A SWAMP user must be a member of a project to use Assessment Tools Platforms and view Assessment Results Introduction to the Software Assurance Marketplace Bring your
31. quests are currently defined for project Lean In Networking software ft Home No run requests have been defined 2 My account Add Run Requests Edit Schedules PROJECTS OWN Lean In Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Version 20131022 Page 28 of 60 2 On the Add Run Requests screen click the checkbox in front of the Run Request you wish to schedule and then click Schedule Run Requests swamp1999 lt Sign Out Q Details Members Assessments MCR ULE CIUC Ta Runs Cf Results Add Lean In Run Requests SWAMP Please select one or more assessments from the list below to run ft Home 2 My account Package Platform Ubuntu Linux 12 04 LTS Lucid Lynx 64 bit Findbugs latest PROJECTS OWN Lean in Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research a SWAMP Run Request Scheduling Options You can schedule Assessment Runs e One time or e Ona repeated schedule One time Runs 1 The schedule defaults to one time on the Schedule Run Request screen 2 If you want to schedule a recurrent Run Request click Edit Schedules 3 If you want to execute you
32. r Assessment Run as soon as possible click Submit Version 20131022 Page 29 of 60 swamp1999 lt Sign Out Q Details 2Members Assessments HOR CULETTUC Ta Runs Cf Results Schedule Lean In Run Requests Select a schedule for when to execute your run requests ft Home 2 My account One time Run once as soon as possible PROJECTS OWN gt Mondays at 8 a m Run the assessment every Monday at 8 a m Add new project v Submit x Cancel Z Edit Schedules PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research a SWAMP Version 20131022 Page 30 of 60 Add a New Run Request 1 From the Edit Run Request Schedules screen click Add Schedule SWAMP swamp1999 lt Sign Out Q Details 2 Members Assessments MOR ULE TIC Tae Runs Cf Results Lean In Run Request Schedules The following schedules are available to project Lean In Networking software ft Home 2 My account Name Description One time Run once as soon as possible PROJECTS OWN Mondays at 8 a m Run the assessment every Monday at 8 a m e Add schedule x Cancel Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Version 20131022 Page 31 of 6
33. rsons invited to join your Project Project Invitations Sent x Your invitations to project Lean In Networking software have been successfully sent to all recipients Manage Assessment Runs Each Assessment Run will go through three states 1 Scheduled The Scheduled state happens after you create a Run Request for the Assessment Run 2 Running The scheduled Run Request is executing the specified Assessment Run 3 Done The scheduled Run Request has completed and Assessment Results are available Note You can view the details of each stage by clicking the current status under the Status field Add an Assessment Run 1 Click Add Assessment From each dropdown 1 Choose a Software Package and its version 2 Choose an Assessment Tool and its version 3 Choose a Platform and its version 2 Click Save Version 20131022 Page 25 of 60 swamp1999 lt Sign Out Q Details 2 Members Run Requests Runs Results Add Lean In Assessment Package ft Home Select a package to assess Select a version 2 My account Suricata v Latest PROJECTS OWN Select a tool to perform the assessment Select a version Add new project Findbugs v Latest PACKAGES OWN Platform LeanToo Select a platform to use Select a version Ubuntu Linux v Latest Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Researc
34. students to SWAMP to learn about the importance of software assurance in cybersecurity The SWAMP protects your intellectual property and personally identifiable information You control access to your Software Packages Assessment Tools and software Assessment Results The SWAMP may be used without cost by open source for profit and non profit organizations The SWAMP provides software assurance services 1 For software written in one of the top three programming languages 1 Java 2 C 3 Gt 2 For assessments using one or more most popular open source static code analysis tools Specifically 1 FindBugs On any supported Linux operating system supporting JVM 1 7 0 _17 or greater 2 PMD On any supported Linux operating system supporting JVM 1 7 0 17 or greater 3 Clang Static Analyzer C C for any supported Linux operating system 4 Cppcheck C C for any supported Linux operating system 3 For software that runs on one or more of these popular operating systems Red Hat Enterprise Linux 6 4 32 bit Red Hat Enterprise Linux 6 4 64 bit Fedora 18 64 bit Fedora 19 64 bit Ubuntu 12 04 2 64 bit Debian 7 0 64 bit 2 Pn YS Version 20131022 Page 4 of 60 7 Scientific Linux 5 9 64 bit 8 Scientific Linux 6 4 64 bit In the future the SWAMP will offer the most frequently requested Software Packages software Assessment Tools and Platforms Bring your own Software Package to the SWAMP for software assurance services using
35. the available Assessment Tools and Platforms Access the SWAMP Register with the SWAMP Signing up for access to the SWAMP requires submitting a request fora SWAMP account a username a password and some personally identifiable information Follow the steps below to use the SWAMP Please note that your privacy is important to us We will not provide your personal information to other organizations Note you must have a company or organizational email to use the swamp For example Jack Smith morgridge org Those who request an account with email addresses similar to Jack Smith gmail com or Jack Smith yahoo com will not receive access to the SWAMP Version 20131022 Page 5 of 60 1 Navigate to https beta cosalab org Click Sign Up SOFTWARE ASSURANCE MARKETPLACE Welcome to the SWAMP SWAMP Username SWAMP Password What is the SWAMP The Software Assurance Marketplace SWVAMP is a national marketplace that provides continuous software assurance capabilities to researchers and developers Let the SWAMP help you to build better safer more secure code Who Uses the Why Use the How to Use the AMP SWAMP SWAMP Help I forgot my password Read More Read More Read More Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research ce SWAMP Notes e All fields are required with the exception of Street Address 2 e For the Email address field only email addresses from institutions are
36. tration Form Full name Short name alias ft Home 2 My account Affiliation PROJECTS OWN Description Lean in Add new project PACKAGES OWN v Submit x Cancel Fields are required Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP 2 On the Project Registration Form screen complete the following fields 1 Full name The full name is the long version of your Project s name used in Project descriptions 2 Short name The Project short name or alias is the short version of your Project s name and will appear in the sidebar Version 20131022 Page 16 of 60 3 Affiliation Please include the company university or other organization with which your Project is affiliated 4 Description Please provide a description of your Project to help a SWAMP administrator approve your Project 3 Click Submit Administrators of the SWAMP shall review the information provided in the Affiliation and Description fields A SWAMP administrator may contact the User requesting a new Project before arriving at a decision Project Registration Form Full mame Lean In Networking software o Short name alias Lean In v ft Home ee 2 My account Affiliation Morgridge Institute of Research v Add new project Fields are required arketplace Morgridge Inst
37. unday September 29 2013 Accepted date Sunday September 29 2013 Add new project Description Lean In Networking software PACKAGES OWN Z Edit Profile i Delete Project LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Version 20131022 Page 21 of 60 4 The Project Members screen appears Note SWAMP automatically lists the Project Owner s name 5 Click Invite New Members SWAMP swamp1999 lt Sign Out Q Details Assessments Run Requests Runs Results Lean In Project Members The following SWVAMP users are members of project Lean In Networking software ft Home 2 My account Affiliation Join Date Admin Morgridge Institute f PROJECTS OWN ma jhurd morgridgeinstitute org listing panied x Submit x Cancel Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool Copyright 2013 Software Assurance Marketplace Morgridge Institute for Research amp SWAMP Version 20131022 Page 22 of 60 6 From the Project Invitations screen click Add Invitation ft Home 2 My account PROJECTS OWN Lean in Add new project PACKAGES OWN LeanToo Add new package TOOLS OWN CWE_Inspectors Add new tool swamp1999 lt Sign Out Q Details Assessments Run Requests Runs
Download Pdf Manuals
Related Search