Security Vulnerability Report of the Test suite

I am looking for the security vulnerability report for the test automation suite.
Veracode report only covers UiPath Platform, UiPath Cloud Platform & Automation Hub.

Is there a SAST / DAST report for the Test Suite? Several government agencies are looking for this information to move forward with the adoption.

I would highly appreciate it if someone from the security team could share any timelines or roadmap on this.

Hi @pradeep-shukla

I have verified the below info with our team

UiPath has been audited by Veracode on a continuous basis and at least once per month, UiPath performs an application Pentest. Vulnerability assessments are performed as a continuous exercise and run at least once a day. UiPath will address vulnerabilities based on the provided SLAs. UiPath leverages a number of tools to find vulnerabilities in our code and products.

All UiPath developers are trained in OWASP security guidelines and UiPath has been ISO 27001 certified since 2016. We perform automated static and dynamic (SAST/DAST) testing as part of our CI/CD pipeline. As well, all source code is entered into an open source software management system which keeps track of any vulnerabilities that may arise in third-party libraries that are leveraged in our products.

Additionally, all releases are handed over to our internal pen test team to perform manual and automated testing prior to GA release. We also have a bounty program with Hackerone. Our entire security lifecycle is audited at least twice per year by Veracode to ensure that we meet the criteria of their highest certification, Veracode Verified Continuous.

Additionally, if any customer would like to perform an on-prem pentest of their own environment, UiPath will gladly respond to any findings in our software stack.

Does it clarify a bit your main query? :slight_smile:

Thanks @loginerror for the detailed overview of the security procedures in place for UiPath products. Is there any documentation or a last run report on the Test Suite specifically… that would be very helpful.

Hello Pradeep,
Please reach out to thomas.stocker[at] to further discuss.