Findings by tags
These are all your findings categorized by tag. Tags can be assigned when you define a treatment for your vulnerabilities.
By enabling DevSecOps you get access to a Docker container built specifically to verify the status of the security vulnerabilities in your system. You can embed this container into your Continuous Integration system to look for changes in security vulnerabilities.
DevSecOps is fast and automatic, and it is built on the same intelligence as the hackers who already know your system in depth.
If the DevSecOps agent finds any vulnerability that is still open, it can (optionally) mark the build as failed. This strict mode can be customized with severity thresholds and grace periods according to your needs.
Statistics from over a hundred different systems show that DevSecOps increases the remediation ratio, helping you build a safer system and be more cost-effective throughout your Software Security Development Lifecycle.
Here you can see if the Agent is active or inactive.
Number of times your team used the agent to check for vulnerabilities.
Repositories and branches
You can run the agent in any of your repositories at any of its versions (commits or branches).
Your commitment towards security
The agent's objective is to help your team overcome security vulnerabilities. For this to work, we put two things in your hands:
- The strict mode (which is enabled by default) helps you stop builds or deployments if there are open vulnerabilities, and thus protects your system from the introduction of vulnerable code.
- However, vulnerabilities accepted in the ARM are ignored by the strict mode, and the agent will (by decision of your team) allow them to be built or deployed.
The maximum benefit is reached when the accepted risk is low and the strict mode is kept at its strictest.
Risk is proportional to the number of vulnerable changes introduced into your system:
- A build is considered vulnerable if it contains security issues.
- The agent in strict mode stops those security issues from being delivered to your end users.
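The strict-mode decision described above (open findings break the build, accepted risk in the ARM is ignored, and severity thresholds and grace periods tune the behaviour), as an added example. This is illustrative logic written for this page, not the agent's own code; the `Finding`, `StrictPolicy` and sample data are assumptions.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    title: str
    cvss: float              # CVSS base score of the open vulnerability
    reported: date           # date the vulnerability was first seen open
    accepted: bool = False   # accepted risk in the ARM: ignored by strict mode


@dataclass(frozen=True)
class StrictPolicy:
    enabled: bool = True        # strict mode is on by default
    breaking_cvss: float = 0.0  # only findings at or above this severity break the build
    grace_days: int = 0         # findings younger than this many days are tolerated


def breaking_findings(findings, policy, today):
    """Return the open findings that should make the build fail under `policy`."""
    if not policy.enabled:
        return []                      # lax mode: report only, never break the build
    breaking = []
    for finding in findings:
        if finding.accepted:
            continue                   # team decided to accept this risk in the ARM
        if finding.cvss < policy.breaking_cvss:
            continue                   # below the configured severity threshold
        if (today - finding.reported).days < policy.grace_days:
            continue                   # still inside the grace period
        breaking.append(finding)
    return breaking


def build_passes(findings, policy, today):
    """True when the build may be delivered to end users."""
    return not breaking_findings(findings, policy, today)


# Constructed sample data: four findings as the agent might report them on one branch.
TODAY = date(2024, 3, 15)
SAMPLE_FINDINGS = [
    Finding("SQL injection in login form", 9.1, date(2024, 1, 10)),
    Finding("Verbose error page", 3.7, date(2024, 3, 1)),
    Finding("Outdated TLS cipher suite", 5.3, date(2024, 3, 14)),
    Finding("Weak password policy", 6.5, date(2023, 12, 1), accepted=True),
]
```

With the default policy every non-accepted open finding breaks the build; raising the threshold to CVSS 4.0 with a 7-day grace period leaves only the SQL injection as a breaking finding.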
The percentage of time during which the group has had unsolved events, relative to the entire existence of the group.
Days since the group has been failing
Here you can see the number of days that each event has remained unsolved.
How much exposure (CVSSF) is still pending in the group.