Organization Security Posture
After you log in to the SSD application, the Home page appears. It displays the organization level security status based on the applications’ risk status. The status is displayed in form of summary panels.
The Application Compliance summary panel displays the total number of applications that are available and the risk level count of the total applications.
The Supply Chain Security Alerts panel displays the total number of alerts notified in the available applications.
The SSD application dashboard appears as shown below:
Summary Panel
In the above dashboard, you can see the high level overview of your applications and the overall summary of the risks and alerts.
The Application Compliance panel displays the security status of all the applications based on the validations that happen at each stage of the software supply chain. The status is determined based on several rule validations that happen at each stage of the software supply chain for an application. Each rule is assigned a score, and this scoring, collected at the service level and application level, determines whether the application is at Apocalypse Risk, High Risk, Low Risk or Medium Risk.
You can sort the details based on the risk level by clicking on the relevant risks and the applications having the selected risks are displayed below.
The Supply Chain Security Alerts panel displays the summary of security alerts at each stage of a supply chain. On clicking anywhere in this panel, it takes you to the supply chain security alerts details page. The panel displays the alerts notified at each stage of the software supply chain namely Source, Build, Artifact and Deploy.
Application Summary
The list of all the applications is displayed at the bottom with more details. The various details of the applications that are listed are:
Application Name: Displays the unique name given for the application. On clicking the application name, the application status page is displayed.
Risk Status: Displays the risk status of the application namely; apocalypse, low, high, medium.
Tools: Displays the list of all the tools (icons) connected to ISD.
Deployed At: Displays the date and time of the deployment.
Open Security Issue: Displays the total number of open security issues for the given application.
Blocked Deployments: Displays the number of deployments that were blocked for the given application.
Owner: The name of the person who created the application.
Smart Search
The smart search option enables searching of Images, Components or Vulnerabilities. You can enter the name of the component, image or the vulnerability and search for the specific one you require.
The following example shows searching for the applications based on the Vulnerability.
Select Vulnerability from the search dropdown. Now enter the vulnerability name as shown below and press Enter. The applications with the given vulnerability are displayed.
Select a application and click it. The environment in which the vulnerability is found is highlighted and the current deployments with the selected vulnerability are displayed as shown below.
Click on any Vulnerability count for the displayed current deployments.
The vulnerabilities details page is displayed. Click search and select Vulnerability from the search options.
Now select the same vulnerability name from the displayed list. All the components related to the selected current deployment are displayed.
Show/Hide Columns
You can prefer to show or hide the columns in the applications list. To do so, click the Show / Hide Columns icon. The list of available columns will appear. You can select/deselect a particular column from the drop-down to add/remove it from the applications table as shown below:
Staging / Production / Dev Environment
The applications that are displayed can be viewed based on the environment also. The Environment panel is provided next to the application summary panel. You can choose the environment staging or production or dev for which the applications needs to be displayed by selecting the environment dropdown.
Last updated
