SSD (Secure Software Delivery) Feature Overview

Introduction

This document guides you through the SSD sandbox. SSD (Secure Software Delivery) is a solution for detecting vulnerability risks and security breaches in the delivery pipeline as they arise, and for preventing and resolving them, so that the software delivery environment stays secure and compliant.

SSD integrates into existing DevOps toolchains, monitors the security data those tools produce and enforces policy on it, which helps you demonstrate compliance, mitigate risk and safeguard the integrity of your applications.

Overview

The sandbox is pre-loaded with sample applications; through them you can explore the following SSD features:

Organization Security Posture Overview:

Once you log in to the product, the Organization Security Posture Overview dashboard is displayed.

This dashboard lists all available applications along with the risk status of each application, its open issues, blocked deployments and connected tools. The page also provides a summary of application compliance and open security issues. The security posture of each application is assessed across the delivery stages (Source Code, Build, Artifact Management, and Deployment).

For detailed information on the application security posture, refer to Organization Security Posture.

Application Status Posture:

Clicking any of the listed applications opens its Application Status page, where you can explore the application's security details.

You get to see the following levels of security information about the application:

  1. Application Vulnerability Posture

  2. Application Overall Security Posture (Includes per service view)

  3. Breakdown of where Security Issues are detected (source, build, artifact and deploy stages)

  4. In addition, you can filter these details by environment (production or staging) to see the security view of the application for the selected environment.

For detailed information on the application details, refer to Application Security Posture.

Application and Service Histogram:

Navigate to the bottom of the Application Status page to view the Deployment History section. It displays the deployment history of the selected application and of each of its services.

For detailed information on deployment history, refer to View Deployment History.

Delivery Bill of Materials (Including SBOM):

In the Application Status page, select DBOM in the left panel.

The Delivery Bill of Materials is the report of record for any deployment of an application and its security posture. The DBOM displays data needed to understand the Security Posture of the application when it was last deployed.

This page shows the progression of the security posture across environments, and the final record once the deployment is complete. The details can be viewed at both the application and the service level.

For detailed information on DBOM, refer to Delivery Bill of Materials (DBOM).

Pre-Flight Security Assessment:

In the Application Status page, select Smart Diff in the left panel.

Select the two environments whose deployments of the same application you want to compare.

Smart Diff compares the two selected environments. It shows the difference in security score between them and lists the images, new alerts, resolved alerts, vulnerabilities and dependencies that differ.

For detailed information on Smart Diff, refer to Compare Environments using Smart Diff.
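The comparison Smart Diff performs is a set difference over the same kind of data a DBOM record carries. Here is an added example (not SSD's own code or data model) that diffs two constructed snapshots of one application, one per environment: score delta, per-service image changes, new and resolved alerts, new and fixed vulnerabilities, and dependencies added, removed or re-versioned. The snapshot fields, service names, image digests, package names and the CVE-0000-* identifiers are placeholders invented for the illustration.

```python
# Constructed snapshots of one application in two environments, shaped like the
# data a DBOM-style record carries. Digests, packages, versions and the
# CVE-0000-* identifiers are placeholders, not real artifacts or advisories.
STAGING = {
    "score": 81,
    "images": {"payments-api": "sha256:a1", "payments-web": "sha256:c3"},
    "alerts": {("payments-web", "branch-protection-disabled")},
    "vulnerabilities": {("payments-api", "CVE-0000-0002")},
    "dependencies": {
        ("payments-api", "libalpha"): "1.2.0",
        ("payments-api", "libbeta"): "0.9.1",
        ("payments-web", "libgamma"): "3.0.0",
    },
}
PRODUCTION = {
    "score": 64,
    "images": {"payments-api": "sha256:b2", "payments-web": "sha256:c3"},
    "alerts": {("payments-api", "unsigned-image"),
               ("payments-web", "branch-protection-disabled")},
    "vulnerabilities": {("payments-api", "CVE-0000-0001"),
                        ("payments-api", "CVE-0000-0002")},
    "dependencies": {
        ("payments-api", "libalpha"): "1.1.0",
        ("payments-api", "libbeta"): "0.9.1",
        ("payments-web", "libgamma"): "3.0.0",
        ("payments-web", "libdelta"): "2.0.0",
    },
}


def diff_versioned(base: dict, target: dict) -> dict:
    """Compare two {key: version} maps; report keys added, removed or re-versioned."""
    keys = set(base) | set(target)
    return {
        "added": {k: target[k] for k in keys if k not in base},
        "removed": {k: base[k] for k in keys if k not in target},
        "changed": {k: (base[k], target[k]) for k in keys
                    if k in base and k in target and base[k] != target[k]},
    }


def smart_diff(base: dict, target: dict) -> dict:
    """Everything that changes when `target` replaces `base`."""
    return {
        "score_delta": target["score"] - base["score"],
        "images": diff_versioned(base["images"], target["images"]),
        "new_alerts": sorted(target["alerts"] - base["alerts"]),
        "resolved_alerts": sorted(base["alerts"] - target["alerts"]),
        "new_vulnerabilities": sorted(target["vulnerabilities"] - base["vulnerabilities"]),
        "fixed_vulnerabilities": sorted(base["vulnerabilities"] - target["vulnerabilities"]),
        "dependencies": diff_versioned(base["dependencies"], target["dependencies"]),
    }


def promotion_summary(base: dict, target: dict) -> list:
    """Human-readable lines, in the order an approver would read them."""
    d = smart_diff(base, target)
    lines = [f"score: {base['score']} -> {target['score']} ({d['score_delta']:+d})"]
    for svc, (old, new) in sorted(d["images"]["changed"].items()):
        lines.append(f"image {svc}: {old} -> {new}")
    lines += [f"new alert: {svc} {rule}" for svc, rule in d["new_alerts"]]
    lines += [f"resolved alert: {svc} {rule}" for svc, rule in d["resolved_alerts"]]
    lines += [f"new vulnerability: {svc} {cve}" for svc, cve in d["new_vulnerabilities"]]
    lines += [f"fixed vulnerability: {svc} {cve}" for svc, cve in d["fixed_vulnerabilities"]]
    dep = d["dependencies"]
    lines += [f"dependency bumped: {svc}/{pkg} {old} -> {new}"
              for (svc, pkg), (old, new) in sorted(dep["changed"].items())]
    lines += [f"dependency added: {svc}/{pkg} {ver}"
              for (svc, pkg), ver in sorted(dep["added"].items())]
    lines += [f"dependency removed: {svc}/{pkg} {ver}"
              for (svc, pkg), ver in sorted(dep["removed"].items())]
    return lines


if __name__ == "__main__":
    # "What changes if the staging build is promoted over production?"
    print("\n".join(promotion_summary(PRODUCTION, STAGING)))
```

The argument order matters: `smart_diff(PRODUCTION, STAGING)` answers "what changes if staging is promoted", so a vulnerability present only in production appears as fixed, and a dependency present only in production appears as removed.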

Policies and Rules:

The Policies page shows the data collected from your ecosystem for an application and the rules (security checks) that data is compared against.

The rules evaluate the collected data, and the results produce the overall risk score for the application and for each service that makes it up. Rules can be customized: the severity of a rule and the action it takes (send an alert or block the deployment) can be changed, and new rules can be added.

For detailed information on Policies and Rules, refer to Global Policies.

Deployment Firewall:

The deployment firewall blocks deployments based on the rules you configure in Policies.

  • In the Application Status page, select Deployment Firewall in the left panel.

When a rule whose action is "block" is violated, the deployment firewall prevents that deployment. The page lists:

  1. Allowed Deployments

  2. Blocked Deployments

Clicking the alerts section of a blocked deployment shows the rules that caused the block.

For detailed information on Deployment Firewall, refer to Deployment Firewall.
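The Policies and Deployment Firewall sections above describe one evaluation model: collected findings are checked against rules, each rule carries a customizable severity (which feeds the risk score) and action (alert or block), and a violated blocking rule stops the deployment. The following added example (not SSD's own code, rule syntax or scoring) implements that model over constructed findings for two services of one application. The finding fields, rule names, severity weights and sample data are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Callable

# Assumed weights: how much each severity adds to the risk score.
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 7, "critical": 10}


@dataclass(frozen=True)
class Rule:
    name: str
    stage: str                        # source, build, artifact or deploy
    severity: str                     # customizable: feeds the risk score
    action: str                       # customizable: "alert" or "block"
    violated: Callable[[dict], bool]  # True when a finding breaks this rule


@dataclass
class Verdict:
    application: str
    service: str
    score: int = 0
    alerts: list = field(default_factory=list)          # (rule name, severity)
    blocking_rules: list = field(default_factory=list)  # rules that stop the deployment

    @property
    def allowed(self) -> bool:
        return not self.blocking_rules


# Hypothetical rules a team might configure. Each is scoped to one stage.
RULES = [
    Rule("critical-vulnerability-in-image", "artifact", "critical", "block",
         lambda f: f["type"] == "vulnerability" and f["severity"] == "critical"),
    Rule("high-vulnerability-in-image", "artifact", "high", "alert",
         lambda f: f["type"] == "vulnerability" and f["severity"] == "high"),
    Rule("unsigned-image", "artifact", "high", "block",
         lambda f: f["type"] == "image" and not f["signed"]),
    Rule("branch-protection-disabled", "source", "medium", "alert",
         lambda f: f["type"] == "repo" and not f["branch_protection"]),
    Rule("privileged-container", "deploy", "high", "block",
         lambda f: f["type"] == "workload" and f["privileged"]),
]


def evaluate(application: str, service: str, findings: list, rules=RULES) -> Verdict:
    """Run every stage-matching rule over every finding of one service."""
    verdict = Verdict(application, service)
    for finding in findings:
        for rule in rules:
            if rule.stage == finding["stage"] and rule.violated(finding):
                verdict.score += SEVERITY_WEIGHT[rule.severity]
                verdict.alerts.append((rule.name, rule.severity))
                if rule.action == "block":
                    verdict.blocking_rules.append(rule.name)
    return verdict


def firewall_report(application: str, services: dict, rules=RULES) -> dict:
    """Application-level view: total score plus allowed and blocked services."""
    verdicts = [evaluate(application, svc, findings, rules)
                for svc, findings in services.items()]
    return {
        "application": application,
        "score": sum(v.score for v in verdicts),
        "allowed": [v.service for v in verdicts if v.allowed],
        "blocked": {v.service: v.blocking_rules for v in verdicts if not v.allowed},
    }


# Constructed findings for two services of one application (sample data, not real scans).
SAMPLE_FINDINGS = {
    "payments-api": [
        {"stage": "source", "type": "repo", "branch_protection": True},
        {"stage": "artifact", "type": "image", "signed": True},
        {"stage": "artifact", "type": "vulnerability", "severity": "critical"},
        {"stage": "deploy", "type": "workload", "privileged": True},
    ],
    "payments-web": [
        {"stage": "source", "type": "repo", "branch_protection": False},
        {"stage": "artifact", "type": "image", "signed": True},
        {"stage": "artifact", "type": "vulnerability", "severity": "high"},
        {"stage": "deploy", "type": "workload", "privileged": False},
    ],
}


if __name__ == "__main__":
    print(firewall_report("payments", SAMPLE_FINDINGS))
```

Changing a rule's `action` from `"block"` to `"alert"` (or its `severity`) is the whole of the customization the text describes: the same findings then still raise the alert and contribute to the score, but the service is no longer blocked.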

Security Issues: Enterprise View

The Security Issues page gives an enterprise-wide view of every security issue the tool is tracking across all applications. It also includes trend data for measuring DevSecOps progress over time:

  • Navigate to Security Issues from the organization security posture page.

The page summarizes the security alerts identified at each stage of the supply chain, with their details. The alert counts for the Source, Build, Artifact and Deploy stages are displayed as tabs.

A Smart Search option on this page filters the alerts by the criteria you provide.

For detailed information on Security Issues, refer to View Open Security Issues.

Security Issues Remediation:

Security issues identified in an application can be remediated from the tool. Clicking a security issue (alert) shows the remediation options together with the system's suggestions on how to fix it.

The various available options are:

  • Resolving the alert (which triggers an approval workflow based on RBAC)

  • Applying for an Exception (which is time-based and can be set up to require approval)

  • Snoozing the Alert

  • Ask ChatGPT (if the integration has been configured)

  • Create a Jira ticket for later remediation

  • Send to Slack to alert other team members

Vulnerabilities: Enterprise View

This page shows an enterprise view of all vulnerabilities and the overall vulnerability management trends.

  • Navigate to Vulnerabilities from the organization security posture page.

By default it lists all vulnerabilities across the applications, and the Top Vulnerabilities panel ranks them by how often they occur.

You can narrow the list with the Smart Search option, filtering by Application, Environment, Severity and CVE.

For detailed information on Vulnerabilities, refer to Vulnerability Management.

When a zero-day vulnerability is announced, the tool lets you identify where that vulnerability affects your environment, so you can spot and resolve the issue earlier. It shows you:

  • What applications are impacted

  • Where those applications are deployed

  • What services inside the impacted applications need to be addressed

Using Smart Search for an application gives the environment-level view of a CVE.

Clicking one of the affected applications shows the specific services of that application that are impacted by the CVE.

For detailed information on Smart Search, refer to the Smart Search section of the Organization Security Posture page.
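Both the Smart Search filters (Application, Environment, Severity, CVE) and the zero-day walk-through above amount to a query over the same inventory: which deployed service carries which vulnerable package version. The following added example (not SSD's own code or data model) builds that inventory from constructed records, matches it against constructed advisories, applies Smart-Search-style filters, and produces the "what applications, where deployed, which services" view for one CVE. The record fields, package names, versions and the CVE-0000-* identifiers are placeholders invented for the illustration.

```python
from collections import defaultdict

# Constructed inventory: one record per (application, environment, service) with
# the packages that service ships. Names and versions are placeholders.
INVENTORY = [
    {"app": "payments", "env": "production", "service": "payments-api",
     "packages": {"libalpha": "1.1.0", "libbeta": "0.9.1"}},
    {"app": "payments", "env": "staging", "service": "payments-api",
     "packages": {"libalpha": "1.2.0", "libbeta": "0.9.1"}},
    {"app": "payments", "env": "production", "service": "payments-web",
     "packages": {"libgamma": "3.0.0"}},
    {"app": "billing", "env": "production", "service": "billing-worker",
     "packages": {"libalpha": "1.0.4"}},
    {"app": "catalog", "env": "production", "service": "catalog-api",
     "packages": {"libgamma": "2.8.0"}},
]

# Constructed advisories with placeholder identifiers (CVE-0000-*), not real CVEs.
ADVISORIES = [
    {"cve": "CVE-0000-0001", "package": "libalpha", "fixed_in": "1.2.0", "severity": "critical"},
    {"cve": "CVE-0000-0002", "package": "libgamma", "fixed_in": "3.0.0", "severity": "high"},
]


def parse_version(version: str) -> tuple:
    # Dotted numeric versions only. Real ecosystems need their own comparator
    # (PEP 440, semver, distro epochs) so that e.g. "1.10" sorts after "1.9".
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str, advisory: dict) -> bool:
    """Vulnerable if the shipped version is older than the first fixed version."""
    return parse_version(version) < parse_version(advisory["fixed_in"])


def findings(inventory=INVENTORY, advisories=ADVISORIES) -> list:
    """One row per vulnerable (application, environment, service, CVE)."""
    rows = []
    for rec in inventory:
        for adv in advisories:
            version = rec["packages"].get(adv["package"])
            if version is not None and is_affected(version, adv):
                rows.append({"app": rec["app"], "env": rec["env"],
                             "service": rec["service"], "cve": adv["cve"],
                             "severity": adv["severity"],
                             "package": f'{adv["package"]}@{version}'})
    return rows


def smart_search(rows, application=None, environment=None, severity=None, cve=None) -> list:
    """Smart-Search-style filter: every argument that is given must match."""
    wanted = {"app": application, "env": environment, "severity": severity, "cve": cve}
    return [r for r in rows if all(v is None or r[k] == v for k, v in wanted.items())]


def impact(cve: str, rows) -> dict:
    """Zero-day view: {application: {environment: [impacted services]}}."""
    out = defaultdict(lambda: defaultdict(list))
    for r in smart_search(rows, cve=cve):
        out[r["app"]][r["env"]].append(r["service"])
    return {app: dict(envs) for app, envs in out.items()}


if __name__ == "__main__":
    rows = findings()
    print(impact("CVE-0000-0001", rows))
    for r in smart_search(rows, application="payments"):
        print(r)
```

The staging copy of payments-api already runs the fixed version, so it is absent from the impact view while the production copy is listed: the per-environment split is what tells you where to redeploy first.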

DevOps Tools Integrations:

SSD is built to integrate with, and collect data from, all the tools in your DevOps toolchain. Its plugin architecture lists the tools available for integration and presents a normalized view of all the security data they produce.

For detailed information on integrating CI/CD tools, refer to Integrating CI and CD tools in SSD; for other DevOps tools, refer to Integrating other DevOps tools.
