Added Issue tracking and Quarantine of unwanted packages

Big release that adds Issue tracking and automatic Quarantine of packages surpassing defined threshold levels.

Bytesafe automatically identifies issues and creates each one with a unique identifier. This improves traceability and makes it visible where your attention is required, which is crucial for maintaining your registries: understanding and evaluating risks and identifying remediation actions. Issues in Bytesafe give you a holistic overview of which issues exist in your registries and which of them could have a negative impact on your applications and business.

Additionally, packages can be quarantined automatically based on rules you define, protecting applications from exposure to potentially threatening events. Quarantine helps you protect your teams from using bad packages: packages that contain known vulnerabilities, that don’t comply with your license policies, or that have been deprecated.

Issues overview

All identified issues related to security and license compliance in any of your registries can be seen in the overview.

Issues are automatically generated from the Bytesafe Policies. If any issue is found you’ll automatically get a notification that a new issue has been created.

All issues are categorized by:

  • Status
  • Type
  • Severity level
  • Registry

The overview allows users to filter or search to narrow down results.

Issue details

The issue detail page allows you to see all details about the issue, including a timeline (activity log) of actions related to the issue.

Users can comment on issues and change descriptions, severity levels and statuses. The timeline allows you to see who added the package, when a vulnerability was found, who changed the severity level, who released a package from the quarantine and more.

Any Bytesafe user can be added as a watcher to a specific Issue to receive updates whenever there’s new activity.

Quarantine packages to automatically secure your workflows

A package can optionally be quarantined automatically, depending on the quarantine settings in the plugin. A quarantined package will not be available for download from the registry: Bytesafe blocks access to it and therefore works like a dependency firewall.

An example of the quarantine settings for the vulnerability scanner plugin:

[Figure: Quarantine settings]

Looking for more information?

For more information see Issues in the Bytesafe Documentation.

For more information see Quarantine in the Bytesafe Documentation.