In the last few days, we changed our comment component.
We did this, intending always to use secure and up-to-date components.
While for us, it implied a significant change at the platform level, for you, it is only a visual change.
We hope this change is to your liking, and we will be attentive to our support channel help@fluidattacks.com for any questions that may arise.
As part of our evolution towards having more control over the information published in our app, it is now possible to know which vulnerabilities belong to each repository.
This is the first step into a new world of possibilities. For now, the only control implemented is that only GIT Roots that do not have vulnerabilities linked to them can be deactivated.
If you see this error, don't worry. It means that the GIT Root you are trying to deactivate has vulnerabilities linked to it.
In order to deactivate it, close or eternally accept these vulnerabilities.
We will be adding more controls and use cases in the coming weeks, so stay alert for upcoming announcements.
Tracking the source code and why any portion of the software is excluded from Fluid Attacks analysis should be major issues in group management.
Therefore, if you are going to deactivate a GIT Root, you must declare why you are going to do so.
For now, the options are the following:
But we are going to add more options in the coming weeks.
A few months ago, we referred to a new model that we added to present information about vulnerabilities. In this case, we have improved this presentation by simply adjusting the texts in two columns for your convenience.
All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.
Please pay attention to the following:
From now on, to disable git roots in our Attack Resistance Management, it is necessary that you assume/accept or close/remediate all vulnerabilities associated with those roots. Remember, if you don't do this, you will not be able to disable them.
All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.
Hi there,
Not everything is vulnerabilities, risk assessment, or reattacks. There is always a place for other improvements.
It is my pleasure to announce the new way to represent the CVSS v3.1 score.
Now every metric of the score is represented by an icon helping to understand each of them.
Please check your vulnerabilities, and if you have any doubt, don't hesitate to contact us.
All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.
Our team is continuously working to provide you with a better experience.
From April 15th, you will be able to access our Attack Resistance Management (formerly called Integrates) through the following URL: http://app.fluidattacks.com/.
We recommend that you bookmark this updated URL for your convenience, as the current URL (https://integrates.fluidattacks.com/) will stop working from the announced date.
Additionally, please be aware that the API's URL will change from integrates.fluidattacks.com/api to http://app.fluidattacks.com/api.
Have data available for making decisions is the dream of any manager. But always, a context is needed. We know that, and that is why in one of our recent deployments, we add a time filter option for these three graphics:
This is useful to evaluate the team effort in specified dates.
All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.
Security and UX don't always go hand in hand, but it is one of our main goals to keep it together as possible.
A few days ago, we deployed a new DevSecOps agent version that improves its predecessor's stability, performance and usability. This new version comes with some changes to how the agent is going used.
Now, in our ARM scope section (Organization>Groups>GroupName>Scope), you will find DevSecOps Agent Token section.
Where you can copy required token to execute DevSecOps Agent.
Only group managers could view and copy the token, so if you need to get the token, please contact them.
All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.
Manage vulnerabilities could be confusing and complicated. Our team is committed to easing our customer's processes.
Simplifying treatment management, we add a new tab to the vulnerability details menu, in which you can change vulnerability treatment, define tags, or custom criticality level.
All features are the product of a team effort. You can be part of it and contribute by leaving your comments here in this post or sending them to help@fluidattacks.com.