Orgvue Software Development Security

Owned by Paul Coleman
Last updated: 11 Nov 2022
1 min read

Are secure development processes used for Orgvue?

Orgvue software development security is governed through the Orgvue Software Development Policy and aligned to OWASP principles for secure development.

What are the release management environments for Orgvue?

All Orgvue releases pass through Development, QA and Staging before being released to Production. Production data is never processed in non-production environments.

Is Orgvue source code scanned for vulnerabilities?

Orgvue source code static analysis including software package dependencies, is automated as part of the build process in combination with manual code review and approval. Dynamic code analysis is also completed as part of the release process.

What controls are in place within the Orgvue release management process?

Orgvue Releases are initiated by privileged, non-development members of the Orgvue team via the Build Service, requiring multi-factor authentication. Successful builds are hot swap deployed into staging before test and release into production via automation tools using a blue/green deployment strategy with Auto Scaling failover.