Security Vulnerability Report of the Test suite

pradeep-shukla · May 19, 2022, 6:27pm

I am looking for the security vulnerability report for the test automation suite.
Veracode report only covers UiPath Platform, UiPath Cloud Platform & Automation Hub.

Is there a SAST \ DAST report for the Test Suite, several government agencies are looking for this information to move forward with the adoption.

I will highly appreciate if someone from the security team can any timelines or roadmap on this.

loginerror · May 31, 2022, 12:46pm

Hi @pradeep-shukla

I have verified the below info with our team

UiPath has been audited by Veracode on a continuous basis and at least once per month, UiPath performs an application Pentest. Vulnerability assessments are performed as a continuous exercise and run at least once a day. UiPath will address vulnerabilities based on the provided SLAs. UiPath leverages a number of tools to find vulnerabilities in our code and products.

All UiPath developers are trained in OWASP security guidelines and UiPath has been ISO 27001 certified since 2016. We perform automated static and dynamic (SAST/DAST) as part of our CI/CD pipeline. As well, all source code is entered into an open source software management system which keeps track of any vulnerabilities that may arise in 3rd party libraries that are leveraged in our products.

Additionally, all releases are handed over to our internal pen test team to perform manual and automated testing prior to GA release. We also have a bounty program with Hackerone. Our entire security lifecycle is audited at least twice per year by Veracode to ensure that we meet the criteria of their highest certification, Veracode Verified Continuous.

Additionally, if any customer would like to perform an on prem pentest of thier own environemnt, UiPath will gladly respond to any findings in our software stack.

Does it clarify a bit your main query?

pradeep-shukla · May 31, 2022, 4:09pm

Thanks @loginerror for the detailed overview of security procedures in place for UiPath products. Is there a documentation or a last run report on the Test Suite specifically… that will be very helpful.

ThomasStocker · July 1, 2022, 5:20am

Hello Pradeep,
pls reach out to thomas.stocker[at]uipath.com to further discuss.

Topic		Replies	Views
How to do penetration testing on uipath process robot? Studio activities , question	2	370	August 25, 2023
Security Report Required for Uipath Tool Academic Alliance question	2	1576	February 15, 2021
UiPath 2021.1 Monthly Update Blogs	0	659	July 14, 2021
Code Vulnerability Scan Tools Technology Integrations uiautomation , studio , question	7	2471	January 5, 2023
January 2021 Monthly UiPath Product Update \| UiPath Blogs studiox	0	782	February 2, 2021

Most Active Users - Yesterday
ashokkarale
MD_Farhan1
Ajay_Mishra
postwick
Dheerendra_vishwakarma
Anil_G
chandreshsinh.jadeja
Gautham_Pattabiraman
vrdabberu
aravindbalineni123
More details...

Security Vulnerability Report of the Test suite

Related Topics