Group

Findings by tags

These are all your findings categorized by tag. Tags can be assigned when you define a treatment for your vulnerabilities; for more information click here.

Agent

By enabling DevSecOps you get access to a Docker container built specifically to verify the status of security vulnerabilities on your system. You can embed this container into your Continuous Integration system to look for changes in security vulnerabilities:

  • DevSecOps is fast and automatic, as it is created by the same intelligence of the hackers who already know your system in depth.

  • If the DevSecOps agent finds a vulnerability to be open, we can (optionally) mark the build as failed. This strict mode can be customized with severity thresholds and grace periods according to your needs.

  • Statistics from over a hundred different systems show that DevSecOps increases the remediation ratio, helping you build a safer system and be more cost-effective throughout your Software Security Development Lifecycle.

Service status

Here you can see if the Agent is active or inactive.

Service usage

Number of times your team used the agent to check for vulnerabilities.

Repositories and branches

You can run the agent in any of your repositories at any of their versions (commits or branches).

Your commitment towards security

The agent's objective is to help your team overcome security vulnerabilities. For this to work, we put two things in your hands:

  • The strict mode (which is enabled by default) helps you stop builds or deployments if there are open vulnerabilities, and thus protects your system from vulnerable code introduction.
  • However, accepted vulnerabilities on the ARM are ignored by the strict mode, and the agent will (by decision of your team) allow them to be built or deployed.

The maximum benefit is reached when the accepted risk is low and the use of strict mode is high.
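The gating rules described above, modeled as an added Python example (not the agent's own code). The field names, the CVSS severity scale, and counting the grace period from the report date are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from datetime import date

@dataclass(frozen=True)
class Vulnerability:
    ident: str
    severity: float   # assumed: CVSS base score, 0.0-10.0
    state: str        # "open" or "closed"
    accepted: bool    # True when the team accepted the risk as its treatment
    reported: date    # assumed: grace period counts from the report date

def breaking(vulns, today, strict=True, min_severity=0.0, grace_days=0):
    """Return the vulnerabilities that make the gate fail the build."""
    if not strict:
        return []  # strict mode off: report only, never break
    return [
        v for v in vulns
        if v.state == "open"
        and not v.accepted                            # accepted risk is ignored
        and v.severity >= min_severity                # severity threshold
        and (today - v.reported).days >= grace_days   # grace period elapsed
    ]

def exit_code(vulns, today, **policy):
    """Exit status a CI step would return: 1 fails the build, 0 passes."""
    return 1 if breaking(vulns, today, **policy) else 0

# Constructed sample data, not output from any real agent run.
TODAY = date(2024, 3, 15)
SAMPLE = [
    Vulnerability("V-1", 9.1, "open", False, date(2024, 2, 1)),
    Vulnerability("V-2", 8.0, "open", True, date(2024, 1, 10)),    # accepted
    Vulnerability("V-3", 3.1, "open", False, date(2024, 1, 5)),    # low severity
    Vulnerability("V-4", 7.5, "open", False, date(2024, 3, 12)),   # 3 days old
    Vulnerability("V-5", 9.8, "closed", False, date(2023, 12, 1)), # already fixed
]

if __name__ == "__main__":
    tuned = dict(min_severity=4.0, grace_days=7)
    print([v.ident for v in breaking(SAMPLE, TODAY, **tuned)])
    # Accepting everything silences the gate even with a 9.1 still open.
    all_accepted = [replace(v, accepted=True) for v in SAMPLE]
    print(exit_code(all_accepted, TODAY, **tuned))
```

With every finding accepted the gate passes even though a 9.1 is still open, which is why the benefit depends on keeping accepted risk low.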

Builds risk

Risk is proportional to the number of vulnerable changes introduced into your system:

  • A build is considered vulnerable if it contains security issues.
  • The agent in strict mode stops those security issues from being delivered to your end users.

Group availability

The percentage of time that the group has unsolved events compared to the entire existence of the group.

Days since group is failing

Here you can see the number of days each event has been unsolved.

Pending exposure

How much exposure (CVSSF) remains to be found in the group.