Security Vulnerabilities
The N|Solid Console can be configured to perform periodic verification of all packages loaded by all N|Solid processes. All loaded packages are verified against a list of known vulnerabilities.
When new vulnerabilities are found, information about each vulnerability will be reported in the Console. Notification options can also be configured to streamline reporting.
Detecting Security Vulnerabilities
The Security View
If there are any vulnerabilities found in your applications, the Security link in the Nav Bar will be annotated with a numbered badge indicating the number of vulnerabilities found across all of your applications.
Clicking on Security in the Nav Bar will display the Security view. This view displays a list of all the vulnerabilities found across all applications.
All of the vulnerabilities found in all applications will be listed on the left. The numbered badge in that list indicates the number of applications which are affected by the vulnerability. Clicking on a vulnerability in the list will display more details about that vulnerability. The Affected Processes tab will display information about the processes which are affected.
The Affected Processes subview contains an entry for every application affected by the vulnerability. By clicking on the disclosure triangle next to the application name, a list of the module dependencies for the vulnerable package is displayed.
You can use the Hide/Show toggle on the right to have the vulnerability ignored when determining the number of vulnerabilities across all the applications.
Vulnerable Processes in the Processes View
From the Processes view, you can sort the Processes list on the right by Vulnerabilities, which will sort the currently filtered processes into two sets - Vulnerable and Secure.
The vulnerable processes will be shown with a bright red dot in the scatterplot, and secure processes will be shown with a light colored dot in the scatterplot. Clicking on the process in the Processes list will display the Process Details view, which contains additional vulnerability information.
Vulnerability Information in the Process Details View
The Process Details view contains a Modules subview, which contains information about the vulnerabilities found in the process. Clicking on the vulnerability title will display the Security view for the vulnerable module.
Configuring Notifications for Security Vulnerabilities
You can configure the N|Solid Console to notify you when new vulnerabilities are found in your applications. To configure these notifications, click the Global Notifications link on the left side of the Settings view.
Scroll down to the section Vulnerability Notifications. Here you can add Integrations to be invoked when a new vulnerability is found.
