SAP product standard security requires a basic compliance against Content Security Policy (CSP) with Product Standard security requirement. The checking for a “basic” compliance is currently a non-automated manual process which is time and resource consuming for developers and quality engineers. By leveraging automated UI testing together with up-to-date browser CSP violation reports can be generated and are sent to a central receiving service.
The goal would be to build such a reporting service to consume the outputs from automated testing results and list/display non-compliances for quality persons. With this service in place, SAP product standard security compliance could be validated easily for all applications. No manual compliance checks are required any more.