Application Audits

This platform is designed to help you manage and analyze application vulnerabilities
and risks effectively. It provides features like exporting data to CSV or PDF format,
maintaining a Risk Register, managing workloads, components, and scans, as well as
leveraging vulnerability analysis.

Export (CSV, PDF):

The Export feature allows you to generate reports in either CSV or PDF format. You
can use this to extract data from the system and share it with stakeholders or use it
for further analysis.

Risk Register:

The Risk Register contains a comprehensive list of identified risks and vulnerabilities
within your applications.

Workloads:

The Workloads section in the Application Audits system allows you to manage and
organize different components of your applications. Workloads represent distinct sets of
functionalities, services, or features within your applications that need to be audited for
potential vulnerabilities and security risks.

Asset Value:

Workloads can be assigned asset values, reflecting their significance and importance to
your organization’s overall operations and security. Asset values help in prioritizing
audits and vulnerability assessments based on criticality.

Workload Update:

This field keeps track of any updates, modifications, or changes made to the workload
over time. Recording updates is essential for maintaining accurate and up-to-date
information about each workload.

Deletion Impact:

The Deletion Impact field documents the potential consequences of deleting a specific
workload. This information is critical in understanding the dependencies and
relationships between workloads and other components of your applications.

Workload Management:

The Workloads section provides a user-friendly interface to manage and manipulate the
workloads efficiently. You can perform the following actions:

Add New Workload:

Users can add new workloads (such as risk alerts, share workload
risks, workload lifecycle, and CI/CD hooks) to the system by providing the required
attributes such as Name, Description, and Asset Value.

Edit Workload:

If any changes occur in the workload, users can easily update the
workload attributes, such as its Description or Asset Value.

Delete Workload:

In case a workload is no longer needed or becomes obsolete, users
can choose to delete it from the system. However, it is important to consider the
potential impact of such deletion, as it may lead to the removal of related data and
dependencies.

Components:

Users can update new components (such as risk alerts, share workload risks, workload
lifecycle, and CI/CD hooks) in the system by providing the required attributes such as
Name and Asset Value.

Scan:

The Scan feature allows you to identify vulnerabilities in your applications. It
encompasses the following functionalities:

  • Create Scan: You can initiate a scan on a specific workload, component, or agent. Choose the type of scan (Network, SAST, DAST) and set the scanning schedule.
  • Types: This section defines the various types of scans supported, such as Network, SAST (Static Application Security Testing), and DAST (Dynamic Application Security Testing).
  • Platform: Specifies the platforms compatible with the scanning process.
  • Category: The category helps in organizing and grouping scans based on their
  • Schedule Scans: You can configure the system to perform regular, automatic scans based on predefined schedules.

Manage Agent:

The Manage Agent functionality enables you to handle agents responsible for
conducting scans. It includes the following features:

  • Custom Agent: Allows you to create custom agents with specific configurations.
  • Auxin Agent: Provides the option to use the Auxin Agent, a pre-configured scanning agent.
  • Create, Update, Delete: You can create, delete, and update agents as required.
  • Offline Mode: Agents can be switched to offline mode to temporarily suspend scanning operations.

Vulnerabilities:

The Vulnerabilities section is a critical component of the Application Audits system,
focusing on the identification and management of potential weaknesses and security
issues within your applications.

AI Assistance:

The AI Assistance feature is an advanced and intelligent tool that aids in the analysis of
identified vulnerabilities. It provides valuable insights into the risks posed by these
vulnerabilities, assisting your team in understanding the severity and potential impact on
your applications.