<?xml version="1.0" encoding="UTF-8"?><ns2:project xmlns:ns1="http://gtr.rcuk.ac.uk/gtr/api" xmlns:ns2="http://gtr.rcuk.ac.uk/gtr/api/project" xmlns:ns3="http://gtr.rcuk.ac.uk/gtr/api/fund" xmlns:ns4="http://gtr.rcuk.ac.uk/gtr/api/person" xmlns:ns5="http://gtr.rcuk.ac.uk/gtr/api/project/outcome" xmlns:ns6="http://gtr.rcuk.ac.uk/gtr/api/organisation" ns1:created="2026-06-03T15:52:43Z" ns1:href="http://gtr.ukri.org/gtr/api/projects/29BF68B1-9ABB-48CC-9935-C290A848B63F" ns1:id="29BF68B1-9ABB-48CC-9935-C290A848B63F"><ns1:links><ns1:link ns1:href="http://gtr.ukri.org/gtr/api/persons/883B3E48-17F2-4C96-A97B-371F9BAB0ECA" ns1:rel="PM_PER"/><ns1:link ns1:href="http://gtr.ukri.org/gtr/api/organisations/3CAA4800-DE30-4FD0-82C5-FED638CABBD8" ns1:rel="LEAD_ORG"/><ns1:link ns1:href="http://gtr.ukri.org/gtr/api/organisations/3CAA4800-DE30-4FD0-82C5-FED638CABBD8" ns1:rel="PARTICIPANT_ORG"/><ns1:link ns1:end="2021-03-30T23:00:00Z" ns1:href="http://gtr.ukri.org/gtr/api/funds/9CE9F11E-EFBD-40C6-A4E0-FE9CCC300A60" ns1:rel="FUND" ns1:start="2020-06-30T23:00:00Z"/></ns1:links><ns2:identifiers><ns2:identifier ns2:type="RCUK">69386</ns2:identifier></ns2:identifiers><ns2:title>Tooling to Expedite Pipeline Based Security Testing (REX)</ns2:title><ns2:status>Closed</ns2:status><ns2:grantCategory>Feasibility Studies</ns2:grantCategory><ns2:leadFunder>Innovate UK</ns2:leadFunder><ns2:abstractText>Whether it be to communicate with our family and friends, pay our bills, or order goods and services online, we all use software; increasingly this is via smartphones and tablets. As consumers, we trust that this technology is secure, tested and safe for us to use, but this isn't always the case. Security testing isn't mandatory, so it's up to developers to decide how, or indeed if they want to do it.

Digital Interruption are not just experts in security, we're also developers. We want to make security testing easier for developers, so we take the tools we use in penetration and security testing and develop them for software engineering teams. Instead of a complex manual tool used for security testing, we've developed software tooling, REX, that allows companies to integrate the security test into their development pipelines. Our tools are not archaic command-line tools that require a deep understanding of the platform to set up and use, but instead they are tools that have APIs in order to manage scanning and develop of test cases.

We've created a web application frontend that allows anyone to easily perform a security test at all points in the development process, simply by dragging and dropping the application into REX. We've also developed a Jenkins plugin that can be set up to perform a security scan every time an Android application is built. Using the plugin, Jenkins can automatically fail the build, informing the developer that a security issue is present.

As the scans are automated, it means that software developers have the benefit of having the scans run every time the software is built, rather than a more traditional approach to security which is having scans run every 6 months to a year. This gives greater feedback, better visibility and catches issues that may be reintroduced, enabling continuous detection and remediation, and resulting in safer software.

Additional Information: Following feedback from users we have increased the scope of our original project to include REX branding and a dedicated REX website, to advertise REX and facilitate purchase of the licence. The website will also educate users and potential customers on REX functionality and uses as well as relevant security best practice through documentation, guides and FAQs. Video walk-throughs will be available on how to use and integrate REX. 

As part of a revised marketing and engagement strategy we will create a schedule of security focused content for the website, tailored to developers and software testers to support them in embedding security into their products. The website will also facilitate the announcements of new REX features, such as new integrations, the bespoke test cases feature testing that we have also added in to the scope, and the iOS engine that we will be scoping as part of the project extension.</ns2:abstractText></ns2:project>