Organization Security Posture
Last updated
Last updated
After you log in to the Delivery Shield application, the Home page appears. It displays the organization level security status based on the applications’ risk status. The status is displayed in form of summary panels.
The Application Compliance summary panel displays the total number of applications that are available and the risk level count of the total applications.
The Supply Chain Security Alerts panel displays the total number of alerts notified in the available applications.
The Delivery Shield application dashboard appears as shown below:
In the above dashboard, you can see the high level overview of your applications and the overall summary of the risks and alerts.
The Application Compliance panel displays the security status of all the applications based on the validations that happen at each stage of the software supply chain. The status is determined based on several rule validations that happen at each stage of the software supply chain for an application. Each rule is assigned a score, and this scoring, collected at the service level and application level, determines whether the application is at Apocalypse Risk, High Risk, Low Risk or Medium Risk.
You can sort the details based on the risk level by clicking on the relevant risks and the applications having the selected risks are displayed below.
The Supply Chain Security Alerts panel displays the summary of security alerts at each stage of a supply chain. On clicking anywhere in this panel, it takes you to the supply chain security alerts details page. The panel displays the alerts notified at each stage of the software supply chain namely Source, Build, Artifact and Deploy.
The list of all the applications is displayed at the bottom with more details of it. The various details of the applications that are listed are:
Application Name: Displays the unique name given for the application. On clicking the application name, the application status page is displayed.
Application Version: Displays the latest version of the application.
Risk Status: Displays the risk status of the deployment in the order of criticality namely
Scanning - When a deployment is triggered, Delivery Shield is scanning your application for any risks and then groups it as high, medium or low.
Apocalypse - The risk status of the deployment is critical.
High - The risk status of the deployment is high.
Medium - The risk status of the deployment is medium.
Low - The risk status of the deployment is low.
Tools: Displays the list of all the tools (icons) connected to ISD.
Team: Displays the team name to which the application belong to.
Deployed At: Displays the date and time of the deployment.
Open Security Issue: Displays the total number of open security issues for the given application.
Namespace: Displays the namespace of the given application.
DBOM: Displays the DBOM of the application, on clicking the View button.
Cluster: Displays the cluster name of the given application.
Owner: The name of the person who created the application.
You can choose the group or team for which you want the applications to be listed by clicking the Teams button. On clicking Teams, a popup appears as shown below:
Select the team name and click Apply. The applications related to that team or group are only displayed in the application summary panel. To know more on teams, refer Viewing Access Management.
The smart search option enables searching for applications based on Images, Application Name, Artifact, Risk Status, Cluster, Components or Vulnerabilities. You can enter the name and search for the specific application.
The following example shows searching for the applications based on the Vulnerability.
Select Vulnerability from the search dropdown. Now enter the vulnerability name as shown below and press Enter. The applications with the given vulnerability are displayed.
Select a application and click it. The environment in which the vulnerability is found is highlighted and the current deployments with the selected vulnerability are displayed as shown below.
Click on any Vulnerability count for the displayed current deployments.
The vulnerabilities details page is displayed. Click search and select Vulnerability from the search options.
Now select the same vulnerability name from the displayed list. All the components related to the selected current deployment are displayed.
You can prefer to show or hide the columns in the applications list. To do so, click the Show / Hide Columns icon. The list of available columns will appear. You can select/deselect a particular column from the drop-down to add/remove it from the applications table as shown below:
The applications that are displayed can be viewed based on the environment also. The Environment panel is provided next to the application summary panel. You can choose the environment staging or production or dev for which the applications needs to be displayed by selecting the environment dropdown.