Understand roles

• Generate/update CI Gate token: Generate and update the token to use for the CI Gate, an application that inspects builds for noncompliance with organization policies and prevents deployment if it finds any. Available at DevSecOps > Manage token > Generate/Reset.
• View CI Gate token and its expiration date: View the current CI Gate token and when it expires. Available at DevSecOps > Manage token > Reveal token.
• View CI Gate executions: Access to reports of executions of the CI Gate in your CI/CD. Available at DevSecOps.

• Add threat model files: Upload threat model files that are correlated with the vulnerabilities reported by Fluid Attacks. Available at Design Map > Files > Add.

• Delete threat model files: Delete threat model files that are correlated with the vulnerabilities reported by Fluid Attacks. Available at Design Map > Files > Delete.

• Request verification on events: Request verification that events have been resolved. Available at Events > Request verification.
• Export file in Events: Download event data as a CSV file. Available at Events > Export.

• Add file: Upload any files you find helpful or necessary for performing security tests on the group. Available at Scope > Files > Add.

• Download file: Download files helpful or necessary for performing security tests on the group. Available at Scope > Files > [Click on file] > Download.

• Delete file: Delete files no longer helpful or necessary for performing security tests on the group. Available at Scope > Files > [Click on file] > Delete.

• Delete group: Delete an unnecessary group. Available at Scope > Delete this group.
• Update group information: Update group information. Available at Scope > Information.
• Use Help options: Access help options for clients to understand vulnerabilities or features, report issues, and more. Available at Help.

• Add member: Invite members to access the group and have some or all vulnerability management functions available to clients. That is, this privilege enables granting any of the three client roles: Group Manager, User, and Vulnerability Manager. Available at Members > Invite a member.
• Delete member: Delete members from the group. Available at Members > Manage members > Delete.
• Update member: Update roles of members. Available at Members > Manage members > Edit.
• View members: View the table of members in the group. Available at Members.
• Invite contributor: Send invitations to contributor developers to register on the platform. Available at Authors > Invite.

• Receive notifications: Get notifications related to your group.
• Add hook: Add webhooks that notify of events happening in groups. Available at Integrations > Webhooks > Connect.
• Edit hook: Edit webhooks that notify of events happening in groups. Available at Integrations > Webhooks > Edit.
• Remove hook: Remove webhooks that notify of events happening in groups. Available at Integrations > Webhooks > Edit > Remove.

• Create portfolio tag: Add tags by which to sort groups within an organization. This is useful to get analytics involving specific groups. Available at Scope > Portfolio > Add.
• Remove portfolio tag: Remove a group from a specific portfolio by removing the tag. Available at Scope > Portfolio > Remove.

• Generate certificate: Generate a certificate of security testing with Fluid Attacks. Available at Vulnerabilities > Generate report > Security testing certificate.
• Generate report: Generate vulnerability reports varying in detail for a specific group. Available at Vulnerabilities > Generate report.

• Activate/deactivate repository: Deactivate and activate assets to test. Available at Scope > Git Repositories/IP Roots/URL Roots.
• Move repository: Move a repository with all its associated data to another group. Available at Scope > Git Repositories.
• Sync to Git repository: Clone the Git repository again after changes have been made; this way, Fluid Attacks can test the up-to-date version. Available at Scope.
• Add Git repository: Add Git repositories. Available at Scope > Git Repositories > Add new.
• Edit Git repository: Modify URLs and branches. Available at Scope.
• Add IP root: Add IP addresses to the scope of security testing. Available at Scope.
• Add URL root: Add URLs to the scope of security testing. Available at Scope.
• Edit IP root: Update IP root details. Available at Scope.
• Edit URL root: Update URL root details. Available at Scope.
• Add exclusions: Exclude files or folders from security assessments. Available at Scope.
• Add secrets: Add secrets (usernames, passwords, email addresses, tokens, etc.) that give Fluid Attacks access to environments to test. Available at Scope.

  After adding a secret, you cannot view it again on the platform, and only security analysts assigned to your project may access it.

• Edit secrets: Overwrite a secret's value without the stored value being shown. Available at Scope.
• Remove secrets: Remove unnecessary secrets. Available at Scope.
• Add Git environment: Add environments associated with source code repositories. Available at Scope.
• View Git environment: View environments associated with source code repositories. Available at Scope.
• Edit Git environment: Edit environments associated with source code repositories. Available at Scope.
• Delete Git environment: Delete environments associated with source code repositories. Available at Scope.
• Move Git environment: Move environments associated with source code repositories. Available at Scope.

• Vulnerability assignment: Assign vulnerability remediation responsibilities to team members. Available at Vulnerabilities > [Type] > Locations > Edit.
• False positive request: Request deletion of a vulnerability, as it poses no threat according to the organization. Available at Vulnerabilities > [Type] > Locations > Edit.
• Request reattacks: Request retests by Fluid Attacks' tool to verify the effectiveness of remediation efforts. In the Advanced plan, reattacks may involve both Fluid Attacks' tool and pentesters.
• Approve treatment: Approve or reject submissions for temporary or permanent acceptance of vulnerabilities that require explicit review before taking effect. Available at Vulnerabilities > [Type] > Locations > Treatment acceptance.
• Update treatment: Change the treatments of vulnerabilities. Available at Vulnerabilities > [Type] > Locations > Edit.
• Add tag: Add tags for vulnerabilities. Available at Vulnerabilities > [Type] > Locations > Edit.
• Remove tag: Remove tags from vulnerabilities. Available at Vulnerabilities > [Type] > Locations > Edit.
• Post comments: In the Advanced plan, communicate questions, requests, and suggestions regarding a specific vulnerability or event. In the Essential plan, view comments about reattack outcomes. Available at Vulnerabilities/Events > Comments.
• View reattack assignees: View the staff members currently assigned to perform active reattacks on a weakness. Available at Vulnerabilities.
• View verification assignee: View the staff member currently assigned to verify a specific vulnerability. Available at Vulnerabilities.

• Download vulnerability report in Analytics: Download a CSV file of details of all the vulnerabilities reported to the organization. Available at Analytics > Vulnerabilities.

• Add payment method: Add the payment method linked to the organization. Available at Billing > Payment methods.
• Update payment method: Update the payment method linked to the organization. Available at Billing > Payment methods.
• Download billing file: Download a record of the organization's billing activity. Available at Billing.

Download a compliance report: Download a report of compliance with several international standards. Available at Compliance > Standards > Generate report.

• Add credentials: Add credentials so Fluid Attacks has access to assets for testing. Available at Credentials > Add credential.
• Remove credentials: Remove credentials, resulting in Fluid Attacks losing access to them. Available at Credentials > Remove.
• Update credentials: Update credentials to maintain Fluid Attacks' access to assets. Available at Credentials > Edit.
• OAuth connection: Authorize Fluid Attacks to import source code repositories from GitLab, GitHub, Bitbucket, and Azure accounts via Open Authorization, which eliminates the need to provide the credentials for these accounts. Available at Credentials > Add credential.

• Add members: Add members with access to the organization's Analytics and Policies sections. That is, this privilege enables granting any of the two client roles at the organization level: Organization Manager and User. Available at Members > Invite a member.
• View member: View members in the organization. Available at Members.
• Update member: Update roles of members. Available at Members > Edit.
• Delete member: Delete members at the organization level. Available at Members > Remove.

• Update organization/group policies: Manage policies at the organization and group levels. Available at Policies.
• Submit weakness for temporary acceptance in Policies: Submit an org-level policy to temporarily accept all instances of a specific weakness, pending approver review. This is independent of per-vulnerability acceptance: the Days maximum, Acceptances maximum, and Severity range thresholds do not gate this submission. Available at Policies > Acceptance > Temporary acceptance.
• Submit weakness for permanent acceptance in Policies: Submit an org-level policy to permanently accept all instances of a specific weakness. Once approved, all open matching vulnerabilities are permanently accepted and future instances are auto-accepted. Available at Policies > Acceptance > Permanent acceptance.
• Approve and reject weakness for temporary acceptance in Policies: Approve and reject requests to accept vulnerabilities temporarily. Available at Policies > Acceptance > Temporary acceptance.
• Approve and reject weakness for permanent acceptance in Policies: Approve and reject requests to accept vulnerabilities permanently. Available at Policies > Acceptance > Permanent acceptance.
• Update priority score policies: Configure the formula used to calculate vulnerability priority scores. Available at Policies > Priority.

• Add repositories in Outside: Add repositories identified through OAuth access that are not yet part of any group. Available at Outside > Add new roots.
• Add group: Create groups dedicated to managing the vulnerabilities of systems separately. Available at Groups > New group.
• Add organization: Create another organization on the platform. Available on the left side of the top menu of the platform.