The Continuous Dynamic Portal Menu - Assets
Select the Assets tab in the Continuous Dynamic Portal to access the Asset Management page. From here, you can review your Site and Application assets and their statuses, add assets, or update asset information individually or in bulk. Possible actions include setting the asset phase, asset status, asset tags, or scan schedule. For information on managing sites, applications, or APIs specifically, refer to Managing Your Sites, Managing Your Applications, Managing Your Mobile Applications, or Managing Your APIs.
For each asset listed, you will see any scan setup issues, such as "Needs Schedule", "Needs Codebase", "Codebase unreachable", "Needs Scanning Credentials", "1 of 1 Scanning Credentials Invalid", "Access Issue: Site is unreachable", etc. If you click the issue shown, a popup will launch that allows you to remediate the issue in question.
The Asset Management page also shows the scan status, asset status, asset phase, asset type, scan schedule, and service level. The final column gives the total open vulnerabilities for this asset.
Additional actions or further information are also available by:
- Using the Bulk Actions button
- Clicking the Vulnerability Count Link in the last column
- Using the Quick Actions buttons under each asset name
The Scan Status of a Site asset may be shown as Access Issue: Site is unreachable. This indicates that Threat Research Center (TRC) engineers are unable to access the site to configure a scan. To view more information, select the asset to view the Site Scan tab.
Bulk Actions Button
You can act on multiple selected assets using the Bulk Actions button: select multiple assets, either manually or by using the filter and clicking the "select all" checkbox, and then choose the action you want to take. You can set the asset status, phase, tags, or schedule using the Bulk Actions button.
Click the box next to "Name" to select all assets shown.
Under the Bulk Actions button, select Asset Phase, Asset Status, Asset Tags, or Scan Schedule.
Vulnerability Count Link
The rightmost column of the Asset Management page lists the number of vulnerabilities currently open for that asset. If you click on the number, you will see the Asset Vulnerabilities broken down by rating. If you click on the "See Details" link, you will see a list of the vulnerabilities by vuln ID.
Quick Actions
Under each asset listed, you will see the Quick Actions links.
These links will allow you to:
- View asset details: Asset details include the primary and associated hostnames, any asset groups the asset is part of, the start and end dates of the last completed scan and links found, and the start date of the current scan and links found to date if any.
- View or add asset tags: Asset tags may be up to 25 characters, and can include only letters, numbers, the full stop (".") and underscore.
- Export vulnerability reports for the asset as csv, pdf, or xml files: Reports will include vulnerability ID, status, rating, retest status, last retest, date opened, date closed, vuln class, asset name, service level, and any vuln tags.
Note that exported reports will be saved to your default download location.
Filtering Your Asset List
You can filter this page using the "Filter" button to the right side of the screen.
You can filter by any or all of the following:
- Asset Name (full or partial)
- Asset Type
- Service Level (PE, SE, and BE, or Source)
- Asset URL or URI (full or any part)
- Assets with particular Scan Setup Issues (whether related to the codebase, credentials, or configuration)
- Asset Tags (full or partial)
- Asset Owner (by email/UID)
- Asset Status (active, inactive, or all)
- Asset Type (application, site, or all)
- Custom Asset ID (a customer-defined field of up to 20 characters)
- Continuous Dynamic Asset ID (one or more pre-existing, Black Duck-determined Asset IDs)
- Scan Status
- Schedule
- Schedule Time Zone (all assets with scan schedules set to the chosen time zone)
- Client (if a multi-client customer)
- Group (a group of assets including sites, applications, or both)
- Vulnerability Rating (assets with one or more vulnerabilities at a particular rating)
Sites are those production or pre-production sites with web applications to be assessed by Continuous Dynamic. Applications are code bases or binaries, and may or may not yet be in production or pre-production. Applications are assessed by Sentinel Source.
Sites and Applications taken together are Assets.
From here you can select specific assets and edit the asset phase, status, or tags, set schedules, add a new asset (application or site), or export asset information as a .csv file.
Understanding the Asset Table
The Asset Management page will show the Asset Name, Scan Setup Issues, Scan Status, Asset Status, Asset Phase (if any), Asset Type, the asset assessment schedule, and service level (BE, SE, or PE). The final column displays a findings summary for each asset.
Whereas a site is an active website in production or pre-production, scanned dynamically, an application is code (or a binary file) in a repository or an archive that Sentinel Source will assess for vulnerabilities. An Application is defined by a name, a language, and a code base, either a code repository or an archive. For more information, please see Managing Your Sites or Managing Your Applications.
The Asset Table
Column Label | Explanation
---|---
Name | This is the name of the asset in question. If you click on the "i" icon, you will see a popup that includes asset information, including any groups of which that asset is a member.
Scan Setup Issues | Assessments cannot be performed appropriately without scan setup information; "Scan Setup Issues" will identify which if any issues are present, including codebase absent or unreachable, credentials absent or invalid, or satellite configuration incomplete. Click on the issue link to go to a screen that will allow you to edit the asset information as required.
Scan Status | The status of your asset scan will be one of the following:
Asset Status | The Asset Status will be "Active" or "Inactive" as set by the customer.
Asset Phase | The Asset Phase is a customer-set indicator of the asset’s point in the SDLC — Production, pre-production, QA, etc.
Asset Type | Application (code base) or Site (hostname).
Schedule | The Schedule column indicates the type of schedule that has been set for this asset — Continuous, Nights and Weekends (6pm to 8am), or Nights (6pm to 8am) and Weekends (24-hours). (Custom schedules can also be set by Black Duck’s Customer Success team.)
Service Level | The Service Level contracted for this asset — Continuous Dynamic BE, SE, or PE, or PL-E for DAST, or Continuous Dynamic SE, EE, or SCA for Sentinel Source.
Client | Customers who are set up as multi-client will also see a column here showing the client to which this asset belongs.
Findings | The findings column shows you a total for the open vulnerabilities that have been identified for that asset; clicking on the number will show you a breakdown of the open vulnerabilities by rating (Critical, High, Medium, Low, or Note). For additional information, click on the "See Details" link in the upper right corner of the popup screen. This will bring up a list of the vulnerabilities by vuln ID.
For specific information on managing Sites, Applications, Mobile Applications, or APIs, please see the relevant sections of this document.