News

new
4 years ago

Accepting Vulnerabilities

Vulnerabilities are the essential thing in Integrates. That is why we have been implementing changes to give them the relevance they deserve: you can now accept vulnerabilities one by one and define different treatments according to your product strategy.

To accept a vulnerability, go to the Vulnerabilities tab and click on the Edit button:

After that, select all the vulnerabilities for which you want to change the treatment:

Then, as usual, select the desired treatment and the person responsible for that treatment (if applicable); finally, provide the justification.

Now you can check the current treatment for each vulnerability in the vulnerabilities table.

Remember, all features are the product of a team effort. You can be part of it and contribute to creating a new feature by joining the Fluid Attacks Community or sending your comments to help@fluidattacks.com.

Juan
new
4 years ago

Deleting Group Information

We know that your information is your most valuable asset. This is why you can delete all your group information, including vulnerability details, evidence, and descriptions, at any time.

To delete a group, first go to that group's Scope tab and click the Delete this group button at the bottom of the tab.

After that, you need to enter the name of the group and click on Proceed. Remember that this action will delete the group immediately and cannot be undone.


Juan
new
4 years ago

Zero Risk Vulnerabilities

Do you think that a vulnerability reported by a tester does not apply to your application?

With the Zero Risk workflow, you can provide more information to the testing team to exclude any vulnerability from the testing cycle.

Remember to provide as much information as you can to keep a complete record of excluded vulnerabilities.

All these features are the product of a team effort. You can be part of it and contribute to creating a new feature by joining the Fluid Attacks Community or sending your comments to help@fluidattacks.com.

Juan
Fix
4 years ago

Executive Reports

What happened

  • We are currently working on migrating our backend to Starlette.
  • On 2020/11/20 at 15:41 (EST), our team moved the package to the new backend. We expected this change would not affect anything, but on November 23 at 11:11 (EST), we noticed that the Executive reports weren’t generated because some paths didn’t match the new structure.

What we’ve done

  • After a debug process, our team reproduced the issue at 11:20 (COT) on 2020/11/23.
  • We approved the solution on 2020/11/23 at 13:26 (COT).

What the impact was

  • Users were unable to generate reports in Integrates from 2020/11/20 until 2020/11/23 at 11:30.

What we are doing to help

  • We continue to standardize our backend to Starlette.
  • We continue to debug the process and make tests for all functionalities in search of unexpected path problems.
Juan
Fix
4 years ago

Issues With Email Links

What happened

  • We are currently working on migrating our backend to Starlette.
  • We noticed that the emails sent between 2020/11/20 and 2020/11/23 redirected to an unauthorized view and closed the session. With this transition to Starlette, we use a new path with /new, which causes some functions to no longer be available on the old path.

What we’ve done

  • After a debug process, our team figured out the issue on 2020/11/20 at 18:10 (COT) and worked on the fix.
  • We deployed the solution on 2020/11/23 at 09:32 (EST).

What the impact was

  • Users could not use the links sent in emails that redirect to Integrates from 2020/11/20 until 2020/11/23 at 11:30 (EST).

What we are doing to help

  • We continue standardizing our backend to Starlette.
  • We continue debugging the process and making tests for all functionalities in search of unexpected path problems.
Juan
Fix
4 years ago

About Integrates Issue With Emails 2020/11/23

What happened

  • We are currently working on migrating our backend to Starlette.
  • We noticed that the emails sent between 2020/11/20 and 2020/11/23 redirected to an unauthorized view and closed the session. With this transition to Starlette, we use a new path with /new, which causes some functions to no longer be available on the old path.

What we’ve done

  • After a debug process, our team figured out the issue on 2020/11/20 at 18:10 (EST) and worked on the fix.
  • We deployed the solution on 2020/11/23 at 09:32 (EST).

What the impact was

  • Users could not use the links sent in emails redirecting to Integrates from 2020/11/20 until 2020/11/23 at 11:30 (EST).

What we are doing to help

  • We continue standardizing our backend to Starlette.
  • We continue debugging the process and making tests for all functionalities in search of unexpected path problems.
Juan
Fix
4 years ago

About Integrates Issue With Reports 2020/11/23

What happened

  • We are currently working on migrating our backend to Starlette.
  • On 2020/11/20 at 15:41 (EST), our team moved the package to the new backend. We expected this change would not affect anything, but on November 23 at 11:11 (EST), we noticed that the Executive reports weren’t generated because some paths didn’t match the new structure.

What we’ve done

  • After a debug process, our team reproduced the issue at 11:20 (EST) on 2020/11/23.
  • The solution was approved at 13:26 (EST) on 2020/11/23.

What the impact was

  • Users were unable to generate reports in Integrates from 2020/11/20 until 2020/11/23 at 11:30 (EST).

What we are doing to help

  • We continue to standardize our backend to Starlette.
  • We continue to debug the process and test all functionalities in search of unexpected path problems.
Juan
Improvement
4 years ago

Simplified Vulnerabilities View

Now checking all your vulnerabilities will be much easier!

We are currently launching a new view for vulnerabilities, where you can see their location and description in separate tabs. This way, you can obtain more precise and straightforward information to understand what is happening with your application.

All these features are the product of a team effort. You can be part of it and contribute to creating new elements by joining the Fluid Attacks Community or sending your comments to help@fluidattacks.com.

Juan
Fix
4 years ago

About Integrates Outage on 2020-10-09

What happened

  • We are currently working on standardizing our infrastructure through Nix.
  • At 14:33 (COT), our team deployed a change that used Docker experimental syntax. We expected that it would only affect the base infrastructure, but, due to the way Docker works internally, caches for Integrates containers were also lost.
  • At the same time, one of our sub-dependencies was updated and broke our source code compatibility.

What we’ve done

  • After an intensive debug process, our team reproduced the issue at 10:33 (COT) on 2020/10/10.
  • We implemented a temporary solution and restored the service at 10:40 (COT) on 2020/10/10.
  • We committed a definitive fix at 11:00 (COT).
  • We committed a complementary solution at 11:32 (COT).

What the impact was

  • Users were unable to log in to Integrates or to use the API from 2020/10/09 14:33 until 2020/10/10 10:40.

What we are doing to help

  • Continue standardizing our infrastructure: https://gitlab.com/fluidattacks/product/-/issues/3504
  • Freezing all deps and sub-dependencies: https://gitlab.com/fluidattacks/product/-/issues/3522
  • Standardizing async helpers: https://gitlab.com/fluidattacks/product/-/issues/3521
Juan
Fix
4 years ago

About Integrates Login Page Issue on 2020-10-09

What happened

  • We are currently working on a huge backend migration on Integrates. A substantial part of this change concerns the login process and Integrates’s URLs.
  • After introducing this change, we noticed some problems related to the Integrates deployment process. We are currently deploying a second version of Integrates for testing purposes, intended to support the backend migration mentioned above, and that second version is the one that is failing.

What we’ve done

  • We noticed the issue today, Oct 9, at 12:20 AM, and committed the fix at 12:40 AM.

What the impact was

  • Users were unable to log in to Integrates for 20 minutes.

What we are doing to help

  • We are improving our production backend deployments—open issue.
Juan