SD Elements Logo

A product of Security Compass

Learn More Request a 14-Day Trial


Be more proactive. Make security measurable. Go to market faster.

SD Elements is a software security requirements management solution. Using a short questionnaire, SD Elements automatically generates relevant security requirements for an application, links them to test cases and delivers them into development tools.

When building or maintaining a mature application, SD Elements effortlessly integrates with your development tools and processes to ensure your software is secure. It provides prescriptive, secure coding advice based on your project’s application technology, business and compliance drivers.

With SD Elements, vulnerability scanners and source code reviews validate that you have followed requirements eliminating costly vulnerability remediation. SD Elements scales easily to thousands of applications allowing centralized information security teams to positively influence software development across the organization with minimal process change.

View the 5 steps »



Clearly understand security requirements and test against them rather than simply testing your software with opaque tools and processes.



Integrate security seamlessly into your existing development tools, eliminating the need for major process changes.



Eliminate high-risk security vulnerabilities, saving significant costs and allowing you to bring more secure software to the market faster.


Tools to help you stay efficient

  • NEW

    New Task Notification

    Get instantaneous email notifications when a new threat emerges allowing for immediate risk mitigation, instead of waiting for a vulnerability scan or assessment

  • Benefits of Reporting

    Generate threat tables from the "Problem Summary Report", create reports for specific compliance standards, and show management progress on secure development tasks.

  • Email Notifications

    Get notified when users create new projects or update tasks. Centralized security teams can scale across hundreds or thousands of applications and still keep a pulse on what's happening on individual projects.

  • Extensible Access Control

    Lockdown access to specific features in the system by using built-in roles or by creating custom roles with fine-grained permissions

  • Auditability

    Comprehensive logging allows you to monitor changes to tasks in projects, changes to project settings, who is logging into the system, etc.

  • Enterprise Authentication

    Use your existing usernames and passwords through SAML & LDAP integration. Our partnership with OneLogin allows you to use your existing authentication database across organizational boundaries for free.

  • Scanner Integration

    Already using an automated security scanner? Find out which requirements your scanner can assess and which ones you need to manually assess. Featuring integration with Veracode, Fortify, WebInspect and AppScan.

  • Works with Agile & Continuous Integration

    Development teams can make intelligent risk trade-offs when to implement security requirements vs. other features.
    Find out more about integration with development processes.

  • New Features Added Regularly…

    More features are being added regularly. Check back to see what we've added.

"SD Elements enables our developers to stay focused on our highest goal: the security of our patients’ health information. With its intuitive user interface and simple JIRA integration, we rapidly generate relevant security requirements and incorporate them into our existing development processes. SD Elements allows us to build software with confidence, spend more time on features and waste less on remediation " – Health Care Provider

Stay on top of emerging threats

Introducing Continuous Threat Monitoring in SD Elements

Model an application in SD Elements and you'll automatically be notified via email if there are new threats that apply. This means that you can model an application today, start building security in, and be notified if a new vulnerability comes out. This gives you the capability to continuously monitor for new threats and mitigate risks immediately. Don't rely on vulnerability scans or breaches to find out about emerging threats anymore!

One public sector client rewrote a major Java EE application using SD Elements, penetration tested it and found 0 high risk vulnerabilities

Case Studies and Whitepapers

Learning and growth about security requirements

  • Ovum On The Radar

    The security industry is largely focused on detecting security vulnerabilities but less so on preventing these vulnerabilities in the first place. Security Compass has addressed this gap by producing a task-based assistant that plugs into application lifecycle management (ALM) tools and feeds advice at relevant points of development activity.

    View Report
  • image32

    With the help of SD Elements, image32 enables physicians to deliver better patient care.

    Download Case Study
  • Health Care Provider

    Health care plan provider improves application security and reduces audit findings with SD Elements.

    Download Case Study
  • How to Add Security Requirements into Different Development Processes

    Learn how to embed security into three patterns of development: agile, waterfall and continuous development. This whitepaper outlines suggestions for adding security requirements into different development processes.

    Download Whitepaper
  • 5 Steps to Starting a Software Security Requirements Program

    Security requirements are different. With a good security requirement system, you can determine the relevant threat to your applications in 15 minutes. Five simple steps to get you started on building a software security requirements program.

    Download Whitepaper
  • Automated Scaling of Security Requirements

    Learn how we built a scalable security requirements process to accurately predict over 97% of high risk vulnerabilities in penetration tests. This whitepaper outlines common challenges with security requirements, and a process for effectively automating and scaling security and other non-functional requirements.

    Download Whitepaper
  • What are Security Requirements?

    This short article describes security requirements, including differentiating continuous and one-time requirements. The article also describes attributes of a good security requirement. Explicitly stating security requirements during project inception is the perfect complement to security testing.

    View Article
  • What is Security Testing?

    This short article discusses common methods for verifying security software, including code review and run-time assessments. The article describes the various techniques and their relative strengths and weaknesses. Application security testing generally refers to testing custom or lesser-known commercial software applications for security vulnerabilities.

    View Article
ViewHide Last 5 More Articles
One healthcare organization wrote a mobile application from scratch with SD Elements and received a 99% security quality score from Veracode

ALMs we integrate with

SD Elements works with your favorite Application Lifecycle Management (ALM) tools

Build secure software with confidence in 5 easy steps.