Our DevSecOps agent breaks the build to prevent you from deploying vulnerable code. Its dedicated section on the ARM shows a clear cumulative record of its executions, specifying the builds' dates, number of vulnerabilities, types of testing, assessed repositories, among other data. You can get even more details about each execution by clicking on the corresponding table row. Go and explore it!

If you're yet to implement the agent in your pipeline, here's how you do it. Write to us at help@fluidattacks.com if you have any comments or questions about this functionality.

We love to hear from our clients and together work on enhancing the ARM. Today, we are glad to announce there is a new way of generating and downloading reports. As a prerequisite, you need to register your phone number. When you have done this, you can visit the group for which you would like to generate a report, click the Reports button and select the kind of report you want. You will receive your report via email and it will open without the need of passphrases. Thanks to this improvement, you will be able to save time when creating and opening reports. 

Bear in mind that the roles that allow you to generate reports are the vulnerability manager and user manager roles. If you want to learn more about roles, click here. Remember we work daily to improve our ARM to provide you with flexible options that adapt to your organization’s needs. We invite you to subscribe to our News channel, where we post information weekly on new features and improvements to our Attack Resistance Management platform.

Registering your phone number is a necessary step to download reports. To register your phone, click on the User information drop-down menu and select the option Mobile. Enter your phone number and click on Add. You will receive an SMS message with a verification code. Enter it and click on Verify. This way, your phone number is registered to the ARM.

Remember that at Fluid Attacks, we work daily to offer the best service to our clients. We want to keep you up to date on the features of our Attack Resistance Management platform. That is why we recommend you to subscribe to our News channel so that you don’t miss any of our announcements.

How do you like having a channel through which you can communicate requests and doubts to our hackers about types of vulnerabilities reported in your system? This is possible by visiting the Consulting subsection that you find after you select the type of vulnerability you want to address. You will see a text field where you can add your comment. Thanks to this option, you can communicate any matter regarding a type of vulnerability and view the hackers' responses, as well as their comments regarding reattack requests.

We would like to know about your experience with this section of the ARM: Has it been helpful for you and your team? You can leave us a comment here or send it to help@fluidattacks.com.

For some months, we have been working on implementing the best practices and cybersecurity standards. We are happy to announce that we are applying the Open Source Security Testing Methodology Manual (OSSTMM3). This standard provides a methodology for the accurate characterization of operational security (OpSec) through examination and correlation of test results in a consistent way. It is one of the most complete and commonly used professional standards in security audits to review the security of systems from the Internet. You can find this and other standards we are applying at Fluid Attacks in the Compliance section of our Documentation. The version used in this section is OSSTMM 3.0, published on December 14, 2010.

Tags are a useful feature to group vulnerabilities or groups so you can manage them more efficiently. On the ARM, you can find out how many vulnerabilities you have under your custom tags by looking at the Vulnerabilities by tag chart.

Remember that at Fluid Attacks we are continually working on enhancements to our platform to give our clients the best services. Don’t forget to subscribe to our News channel to stay updated.

Every day we work to improve the delivery of information through the ARM. It is crucial for us to present our clients with detailed data on each vulnerability identified within the targets of evaluation. When you click on a vulnerability on the ARM, you will see the Vulnerability pop-up window. This window presents you immediately with the Details tab. This part of the window shows you data about reattacks, treatments, as well as dates such as those of reporting and closure, among others. Thanks to this, developers and managers can gain a broad understanding of what is happening with each reported vulnerability.

Did you know that the ARM has different roles with associated permissions relevant to work on the platform? Depending on the role you have, you are granted certain permissions for management and tasks. Some functions controlled by the roles include viewing vulnerabilities, changing treatments, requesting reattacks and editing roots. If you want to know more about the different roles on the ARM, read the information under this link.

Remember that you can find your role on the ARM in the drop-down menu that appears when you click the user icon on the upper-right part of your screen. We invite you to subscribe to our News channel so you do not miss any of the information we share about ARM features.

We are constantly notifying our clients about the features and improvements we make to our ARM so that they can take full advantage of the platform. In this case, we tell you about the Unsolved events column in the group table. This lets you know how many events you have unsolved and that need your attention in each of your groups. At the same time, if you enter any of the groups with at least one unsolved event, you will see in the Events tab a red dot giving you another warning signal for you to act promptly.

Remember that at Fluid Attacks, we work daily to offer the best service to our clients. We want to keep you up to date on the features of our Attack Resistance Management platform. That is why we recommend you to subscribe to our News channel so that you don’t miss any of our announcements.

For some months, we have been working on implementing the best practices and cybersecurity standards. We are happy to announce that we are applying the Cybersecurity Capability Maturity Model (C2M2). It is a tool for evaluating and improving cybersecurity that focuses on the implementation and management of cybersecurity practices associated with information, information technology (IT) and operations technology (OT) assets, as well as the environments in which they operate. You can find this and other standards we are applying at Fluid Attacks in the Compliance section of our Documentation.