Case Study
Frontend Development
Backend Development
Product Engineering

Helped a Technology Security Giant Secure funding of $12 Million by Improving the Platform’s Security Posture & Integration Capabilities

About This Project

The client has a robust application security operations platform widely used by companies to scale their application security effectiveness. Their vision was to integrate various security tools, implement data standardization, utilize project management tools to create and address tickets, and ultimately enhance the platform's security posture. Leveraging our strong and ongoing partnership of 2+ years, we helped the client build first-of-its-kind tools for their platform that facilitated Security Tools Integration, Resilient Project Management, and Seamless Compliance.


Frontend Development
Backend Development
Product Engineering


About the Client

Our client is a US-based Technology-Security giant with remarkable expertise in Application Security and their customers include several marquee Fortune 500 companies. They have raised a total of $25M funding out of which $14M (Series A) was raised in 2022. Their platform is one of the outstanding & leading application security operations platforms. It integrates with the customer’s security systems to remove duplicate information and analyze multiple findings on a single dashboard. This enables the security and development teams to work together effectively, gain dynamic adaptiveness, and have a single vantage point.

The platform has helped its customers achieve application security efficiency over 10 times. Moreover, it assists in saving time and money using a no-code orchestration approach & eventually automating manual tasks.

Understanding the Challenge

Our client wanted to rapidly expand their engineering team to build a Security Tools Integration platform, streamline Project Management integrations, and ensure continuous platform compliance. We identified three key tools that needed to be developed to improve the application's security posture and ensure compliance.

  • Security Tools Integration Platform - We decided to build this platform to collect information from 150+ security tools like AWS Security Hub, Buildkite, Clayton, Drone, freshservice, Gitlab, and Google Cloud. The platform would collect data at different times, either periodically, instantly, or on request. Further, the data would be presented in a standard format to analyze easily, compare, identify, and remove duplicate data entries.
  • Project Management Tools Integration - The client wanted to gather data on security incidents from Jira, ServiceNow, AzureBoard, and other similar systems and create tickets for them on a single dashboard. This will enable real-time monitoring of potential security incidents. We decided to integrate the client’s platform with other systems to deal with security vulnerabilities by tracking progress, and a timeline for issue resolution.
  • Continuous Compliance Platform - The client wanted the platform to stay compliant with regulations such as SOC-2 and HiPPA. We decided to build this tool to evaluate the system for vulnerabilities, run compliance checks, and identify room for improvement.

“Velotio’s contribution has been instrumental in scaling our platform with extended integrations and making it more secure. The team consistently demonstrates a high level of expertise and professionalism and goes above and beyond to deliver exceptional results. With our long-term partnership, we look forward to several innovative projects together”

Product Lead, Leading Technology Security Giant

How We Made It Happen

The customer approached us owing to our extensive experience in the security space. They were impressed with our demonstrated technical aptitude in platform integration projects across multiple tools and hands-on experience with major regulations such as PCI DSS, HIPAA, SOC 2,  TISAX, ISO 27001, GDPR, FEDRAMP, and ASVS.

Our highly skilled team of Tech leads, Backend Developers, DevOps engineers, and DevOps Developers took up the challenge of developing these first-of-its-kind platforms. Throughout the project, our team adhered to tight timelines and ensured that no delays occurred. 

After in-depth brainstorming, we came up with the plan of architecting two different platforms and the Project Management tools integration in parallel.

Building the Security Tools Integration Platform

  • We understood the diverse security tools and outlined common interfaces that will parse data from these tools and store them in a standard format. 
  • Post that, we made the data provide functionality for deduplication and mitigation of the vulnerabilities. This particular component was known as Parser.
  • As the next step, we added all the common interfaces to pull the data from different tools using APIs provided by the tool.
  • After having the data, we pushed that to the Parser components for further processing and added a time-based scheduling component to these tools that varied based on the customer's needs, which we named the scheduler.
  • As we integrated different tools, Scheduler helped us swiftly overcome the challenges in handling data such as network failures, rate limits, large data volumes, and incremental updates.
  • We then had the base components ready. Post this we worked on improving the platform by enriching data from various security tools, adding developer information to vulnerabilities, incorporating extra information based on CVSS values, offering SLAs, and more.
  • While making the enhancements, we added Bi-direction sync between vulnerabilities pulled and managed in the client’s platform tool. This helped synchronize the platform's status /severity /comments to the security tool and vice-versa. 
  • We then added support for webhook-based integrations to the security tools that helped us further optimize our implementation.

Integration of Ticketing Systems

  • Our client aimed to provide their customers with vulnerability resolution tracking, including triaging/fixing/resolution. 
  • We integrated the client’s ticketing system with Jira and enabled users to create and track Jira tickets from the platform. If there were any modifications in Jira those were reflected in the platform.
  • We extended our ticketing system integration to similar tools like ServiceNow/AzureBoard/PagerDuty/MSTeams/ShortCut/FreshService/Gitlab Issues.
  • We then added bi-directional sync between the platform and customer ticketing system like automatically closing/reopening tickets based on vulnerability data. This enabled the auto-creation of tickets based on certain user-defined rules and provided support for webhooks with real-time status updates.
  • We also built an application for Jira that enabled visibility to all the vulnerability information in Jira itself and helped manage the vulnerability life cycle seamlessly.

Building the Continuous Compliance Platform

  • Our client wanted to build continuous compliance as an offering of the platform. We already had the vulnerability data from their customers, we had to map these vulnerabilities to different compliances and automate them.
  • Our team had a solid grasp of multiple compliances like HIPAA/ASVS/ISO and how to create common structures around them. 
  • We then started mapping different compliance rules to find attributes like CWE/CVE, and we soon had an initial set of mapping and common data structures. 
  • We then built an initial version of a compliance platform that evaluated data approaching from multiple tools against compliance rules and started flagging compliance failures.
  • We built a dashboard for reporting compliance failures, allowing users to compare reports and customize compliance policies based on their needs, including ignoring specific rules or violations.
  • The platform ensured continuous compliance by alerting the customers when specific compliance rules were breached. These alerts were triggered as soon as the vulnerability information was pulled using the tools integrated.

We are currently assisting our client in integrating other multiple tools, enabling swift releases of new features, and ensuring compliance with industry standards. With our expertise in DevOps, we are also helping client in managing their DevOps processes using technologies like Jenkins, Terraform, and AWS. This has enabled increased collaboration between development and operations teams for faster and more efficient software development cycles.

Tech Stacks used to build the Platforms

  • Spring Boot - Used for the base framework for RestAPI/Dependency injection
  • Spring Security - Application Security
  • Spring Data - Used for interacting with different Storage layers like RDBMS/Redis/ElasticSearch
  • ElasticSearch - Primary storage for storing vulnerability data.
  • Kafka  - Async communication platform
  • AmazonS3 - Used for storing raw vulnerability data that is exported from various tools and also used for backing up the historical reports
  • SQS - Primarily used as a queue for AWS event bridge and S3 update events
  • AWS Events Bridge- Scheduling related requirements (deprecated)
  • MySQL (aws aurora) - Used for primary storage for relational metadata like user/project/organizations etc
  • Jenkins - CI/CD
  • Terraform  - Automation of AWS infrastructure creation/deployment
  • AWS  - Cloud provider for application deployment
  • Quartz - Application scheduling and job management

How Velotio Made a Difference

With the platform enhancement, we were able to help the customer secure funding of $12 Million.

Improved their platform's security posture, thereby mitigating potential risks and bolstering overall security.

Seamlessly expanded the platform's capabilities by integrating more than 150+ security tools, empowering users with a comprehensive suite of security solutions.

Streamlined project management processes by integrating 7+ project management tools into the platform, facilitating efficient collaboration and enhancing project execution.

With Velotio, achieve breakthroughs in your product development journey.

Over 90 global customers, including NASDAQ-listed enterprises, unicorn startups, and cutting-edge product companies have trusted us for our technology expertise to deliver delightful digital products.

Talk to us

Work with modern and scalable technologies

We leverage emerging technologies to build products that are designed for scalability and better usability.

Rated 4.6/5 on Clutch

325+ highly skilled engineers

With us as your tech partners, you get access to a pool of digital strategists, engineers, architects, project managers, UI/UX designers, Cloud & DevOps experts, product analysts and QA managers.

At Velotio, we hold ourselves to sky-high standards of excellence and expect the same from our customers.