The National Institute of Standards and Technology (NIST) has created AppVet, an open-source tool that IT groups can use to test applications for use on government networks. AppVet was designed to integrate easily with third-party apps and tools (e.g. antivirus software, analyzers, vulnerability repositories, etc.) through simple APIs.
Steve Quirolgico, NIST Computer Scientist, explained:
“AppVet improves the app-vetting process by providing a framework for managing the app-vetting workflow, which involves uploading apps, forwarding apps to tools, receiving reports and risk assessments from tools and generating an overall risk assessment.”
AppVet 1.0 was released this month. Version 1.0 lays out a framework for how the app-vetting system works and integrates with third-party tools. The system starts vetting an application when a user submits an app to the system. AppVet then tests the submitted application against the submitting agency's requirements. AppVet doesn't accept or reject an application; rather, it provides analyses and reports that decision makers can then use to accept or reject the app.
AppVet communicates with third-party tools through REST APIs. Each tool that AppVet needs to integrate with must use REST in order to communicate with it. The AppVet source code distribution can be downloaded at AppVet's GitHub site. Also see the AppVet site for more information.
As app proliferation continues to spread across business and consumer environments, app developers and IT departments must be cognizant of the fact that not all apps are created equal. Government networks have always been subject to higher scrutiny, and AppVet provides an easy validation tool for those looking to deploy an app in a government environment.