Home Contact Us Blog

View Open Security Issues

Whenever a deployment happens, the Deployment Firewall analyses the deployment against the policies that are configured and incase if any risks are identified then an alert is generated.

The Supply Chain Security Alerts page displays the summary of all the security alerts identified at each stage of a supply chain along with its details. The alert count for each stages of the deployment namely Source, Build, Artifact, Deploy are displayed as tabs.

  • A toggle button is given below the tabs to toggle the list of alerts displayed between All Deployments and Current Deployments.

  • Choose the time period for which you want the alerts to be displayed using the Show Data for drop down.

The page displays the following panels at the top:

  • Alerts by Severity - This panel displays the alerts as a graph chart based on the severity of it, namely: Critical, Normal, High and Low.

  • Alerts by Stage - This panel displays the alerts as a bar chart based on the number of alerts detected at each stage of deployment, namely: Source, Build, Artifact and Deploy.

The following details of the alerts are displayed at the bottom of the page:

  • Alert - Displays the name of the alert in the respective application. On clicking the alert, a popup is displayed which gives a detailed summary of the alert and suggestions to rectify it.

  • Severity - Displays the severity or level of importance of the alert namely MAJOR, CRITICAL, NORMAL, MEDIUM, and LOW (the severity is calculated based on the policy validations that are done across the software delivery lifecycle).

  • Stage - Displays the stage (build, artifact, source or deploy) in which the alert is identified.

  • Application - Displays the application name in which the alert is found.

  • Account - Displays whether the alert is found in staging or production environment.

  • Image - Displays the image in which the alert was identified.

  • First seen - Displays the time details of when the alert was first identified.

  • Status - Displays the status of the displayed alert.

  • Owner - Displays the owner of the alert.

Smart Search

The smart search option is available in this page, is used to search for Alerts; based on Account, Application, Image, Rule, Severity, Stage and Tags.

The following example shows how to search for the alerts based on the Rule.

  • Select Rule from the search dropdown. The various rules available are displayed. Select the checkbox near the rule for which you want to filter the assigned alerts.

  • The Alerts that oblige with the selected rule are displayed.

Alert Popup

The popup that appears on clicking the alert gives a detailed summary of the alert.

It displays the following details related to the alert:

  • Severity - Displays the severity of the alert namely; Critical, High, Medium or Low is displayed.

  • Stage - Displays the stage in which the alert was deducted.

  • Application - Displays the application name in which the alert was identified.

  • Account & Image - Displays the associated image of the application.

  • Version - Displays the version of the application.

  • First Seen - Displays the timestamp on when the alert was found initially.

  • Owner - Displays the name of the person who created the application.

Rule Description: This gives a detailed description of the identified alert.

Violation: This explains the impact of the alert on the repo.

Suggestions: This section suggests the possible work arounds that can be done to help resolve the alert.

Actions on Alerts

Various actions can be performed on the displayed alerts. The options are displayed at the bottom of the alert popup page. The different actions that can be performed on the displayed alerts are as follows:

Resolve Alert

The alerts displayed in the supply chain details page can be resolved. You can resolve the alert by following the steps provided below:

  • Click Resolve Alert from the options displayed in the popup on clicking the alert.

  • Another pop up is displayed.

  • Enter the comments for resolving the alert and click Resolve.

  • The alert is resolved. It becomes inactive and is removed from the active alert lists.

Send to Slack

The alerts that are notified in the application can be shared through slack. The slack channel to which you want to send the alert can be configured and thus the alert is shared to the respective channel.

  • Click Send to Slack from the options displayed in the popup on clicking the alert.

  • An alert is sent to the configured slack channel and a success message is displayed.

PreviousApplication Security PostureNextView Current Deployments

Last updated