Planning and Preparations
Things to plan and prepare before starting an actual Seeker implementation.
Identify problems and needs to solve with Seeker
The implementation starts with revisiting the original purchase decision, the ideal solution, and the decision criteria, and with answering questions such as:
- What is the problem that you want Seeker to solve?
- Are there particular needs and use cases that you have in mind? Here are some examples:
  - QA needs to run security analysis tools that do not require security expertise.
  - Developers need to find and fix security vulnerabilities before merging code to the master branch.
  - You need to analyze third-party components used in your applications but don't have access to their source code.
  - You need to enforce security compliance in the CI/CD pipeline by failing a build when an application doesn't comply with the security policy.
Also, determine if Seeker will be replacing or be used in conjunction with other application security tools currently used in your organization.
Once the use cases are identified, define your organizational goals, decide which applications will be onboarded first and by when, and establish project timelines.
Choose first applications and teams for Seeker implementation
Identifying, defining, and delivering quick wins is an important step in securing early support and trust from all key stakeholders. It is often tempting to choose high-profile applications as quick wins. While these applications have high visibility, any missteps are equally visible and can undermine the rollout. A good rule of thumb is to pick applications and teams that are big enough to matter but small enough to win.
In early stages, pick applications and teams that will create success stories and set the standard. You don't necessarily need to start with the most critical and complex applications.
Set up teams
For each application you will need to enlist core stakeholders from various teams that would be using the tool:
- Development team: to configure application servers for security testing, to analyze and remediate vulnerabilities.
- QA team: to ensure good testing coverage.
- DevOps team: to help integrate security testing in CI/CD pipeline.
- Security champions: to help with the tool adoption, remediation strategy, and overall improvement in security posture.
Define project timelines
Define a timeline for your Seeker implementation project. For example: