Xcalscan User Manual (Release 2.0.0)

What is Xcalscan?

1.1 Quality First and Security by Design

latest update: 2021-06-15

We promote a quality first mindset and a security by design approach. We emphasize that users should integrate Xcalscan into the security and privacy processes of their software development lifecycle. Scanning is most effective when done frequently and, where possible, automatically: it should run when code is committed to the repository and should be part of regular team code reviews. Source code should be scanned with Xcalscan, the findings reviewed and verified by team leaders, and the confirmed issues allocated to team members with proper follow-up and verification.

For a quality first approach to your work, it is best to ensure:

  • Regular training for the whole team.
  • Documentation of the processes and regular reviews by management.
  • A proper process in place for third-party vetting, vulnerability testing, and sunsetting.
  • Strengthening of expertise in security, quality and privacy.
  • Proper compliance committees and the right level of visibility to the management team and the board.

Vulnerability testing should be conducted alongside other proactive governance practices to ensure the proper implementation of a security-first and privacy-first working practice. For better compliance and oversight, you can include the following in your regular process:

  • Third-party risk assessment through static analysis.
  • Proper approvals before the integration of any third-party application into code.
  • Independent code audit.
  • Regular external security verification of code, which can be done by black-box or white-box testing methods.
  • Proper oversight of the above processes by QA or security professionals in your organization.

It is also important to create high-level awareness of the need for proper security vetting of code, and of improved diligence in implementing quality and security processes, among ALL team members.