Why Use DeployHub Pro

DeployHub Pro - Continuous Vulnerability Management

DeployHub Pro is a Continuous Vulnerability Management solution designed to improve vulnerability response in decoupled architectures. DeployHub Pro monitors and collects DevSecOps data from the CI/CD pipeline for every artifact. It unifies the data generated across the pipeline, offering a consolidated security profile of the software delivered to end users, with real-time vulnerability updates across all assets of the infrastructure. With DeployHub Pro’s integrated vulnerability management, IT Teams can quickly respond to vulnerabilities and issues, gaining a clear view of how a vulnerable package is used, which applications depend on it, and where it has been deployed.

Supply Chain Catalog

Security Postures in Decoupled Environments

A crucial concept in decoupled architecture is the “logical Application.” A logical Application is a collection of independently deployed Components. Each Component has its own Software Bill of Materials report, vulnerability status and security posture. In order to report the security posture of the entire solution delivered to end users, the Component data must be aggregated to the Application level. DeployHub Pro manages logical Application Versions within a decoupled architecture, offering a comprehensive view of the software’s security posture. DeployHub Pro provides logical Application SBOMs, real-time Application vulnerabilities, and compliance summaries, based on both the Component and the aggregated logical Application.

DeployHub Pro monitors the DevSecOps pipeline to automatically gather security and DevOps data for all Components. DeployHub Pro captures DevSecOps data when a Component has been published, creating a new version for each release. It then creates new Application Versions for all impacted “logical” Applications.

Versioning Critical Security Insights

DeployHub Pro versions both Components and “logical” Applications. When versioning Components, DeployHub Pro provides insights into that version’s security posture, including:

  • Software Bill of Material
  • OpenSSF Scorecard
  • Common Vulnerabilities and Exposures (CVE)
  • Swagger Details
  • Readme and Licensing
  • Consuming Applications
  • Ownership
  • Git repo
  • Git Commit (Tag and branch)
  • CI/CD Build Number
  • Container SHA
  • Docker Registry
  • Key Values
  • Deployment Script (Helm Chart, Ansible Playbook, etc.)
  • Any Attributes (DB Name for example)

Application Versions are based on a collection of Component Versions. When a new version of a Component is created, DeployHub Pro auto-increments the Component version and all consuming Application versions. The dashboard shows, for each Application version:

  • A full map of all Components the Application version is consuming
  • An aggregated Application SBOM
  • An Application CVE report, with real-time updates
  • The specific changes that created the new Application version (your new diff report)
  • The audit history
  • Log history
  • Where the new Component is running
  • Trends (deployment time, success/failure rates)
  • An Application security posture report

Core Features

Package Vulnerability Search:

Discover where a vulnerability is running across all endpoints. DeployHub Pro shows which logical Applications are consuming a vulnerable package, and how your runtime environments are at risk.

Dependency maps:

Understand Component-to-Application dependencies. DeployHub Pro presents the “logical” view of an Application with all Component dependencies.

Application Level SBOMs and CVE:

DeployHub Pro aggregates all Component-level data up to the logical Application Version, making it easy to provide security reporting on a complete software system, even when it is decoupled. DeployHub Pro makes it easy to respond to government Software Bill of Materials reporting requirements as defined in Executive Order 14028.

Blast Radius:

See how a single Component impacts consuming Applications. DeployHub Pro can provide predictive insights showing which Applications will be impacted by an updated service. DeployHub Pro provides this data in clear maps of dependent Applications and services. The blast radius also shows which Components and Applications are impacted by a vulnerability, for rapid response.
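To make the versioning, aggregation and search behaviour described in the sections above concrete, here is a small, self-contained Python model of a supply chain catalog. It is an added illustration written for this page, not DeployHub or Ortelius code, and it does not use their APIs. The class and field names (`Catalog`, `ComponentVersion`, `ApplicationVersion`, `Package`), the component, application and endpoint names, and the package versions are all constructed for the example. It shows three things from the text: publishing a new Component version auto-increments every consuming Application version; an Application SBOM is the union of its Components’ SBOMs; and a package vulnerability search returns the consuming Applications, the Component owner, and the endpoints where each affected Application version is running (the blast radius).

```python
"""Toy supply chain catalog (added example; not DeployHub/Ortelius code)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Package:
    """One entry of a Component's SBOM (sample values are constructed)."""
    name: str
    version: str


@dataclass(frozen=True)
class ComponentVersion:
    name: str
    version: int
    sbom: frozenset   # set of Package
    owner: str        # who to contact for incident response


@dataclass(frozen=True)
class ApplicationVersion:
    name: str
    version: int
    components: tuple  # the exact ComponentVersions this version consumes


class Catalog:
    def __init__(self):
        self.components = {}                 # component name -> latest ComponentVersion
        self.applications = {}               # app name -> latest ApplicationVersion
        self.app_history = []                # every ApplicationVersion ever created
        self.consumers = defaultdict(set)    # component name -> consuming app names
        self.deployments = defaultdict(set)  # (app name, app version) -> endpoints

    def publish_component(self, name, sbom, owner):
        """A new Component release bumps its own version and, as the page
        describes, rolls a new version of every consuming logical Application."""
        prev = self.components.get(name)
        comp = ComponentVersion(name, prev.version + 1 if prev else 1, frozenset(sbom), owner)
        self.components[name] = comp
        for app_name in sorted(self.consumers[name]):
            app = self.applications[app_name]
            comps = tuple(comp if c.name == name else c for c in app.components)
            self._new_app_version(app_name, app.version + 1, comps)
        return comp

    def define_application(self, name, component_names):
        """A logical Application is a collection of Component versions."""
        for c in component_names:
            self.consumers[c].add(name)
        comps = tuple(self.components[c] for c in component_names)
        return self._new_app_version(name, 1, comps)

    def _new_app_version(self, name, version, comps):
        app = ApplicationVersion(name, version, comps)
        self.applications[name] = app
        self.app_history.append(app)
        return app

    def deploy(self, app_name, endpoint):
        """Record where the latest version of an Application is running."""
        app = self.applications[app_name]
        self.deployments[(app_name, app.version)].add(endpoint)

    def application_sbom(self, app_name):
        """Aggregated SBOM: union of the latest version's Component SBOMs."""
        return frozenset().union(*(c.sbom for c in self.applications[app_name].components))

    def vulnerability_search(self, package_name, affected_versions):
        """Every Application version shipping an affected package version, with
        the Component, its owner, and the endpoints where that version runs."""
        affected = set(affected_versions)
        hits = []
        for app in self.app_history:
            for comp in app.components:
                for pkg in comp.sbom:
                    if pkg.name == package_name and pkg.version in affected:
                        hits.append({
                            "application": f"{app.name} v{app.version}",
                            "component": f"{comp.name} v{comp.version}",
                            "owner": comp.owner,
                            "endpoints": sorted(self.deployments[(app.name, app.version)]),
                        })
        return hits


def build_sample_catalog():
    """Constructed sample data; none of these names refer to real systems."""
    cat = Catalog()
    cat.publish_component("auth-svc", {Package("example-lib", "1.2.3"), Package("http-lib", "4.0.0")}, "team-identity")
    cat.publish_component("billing-svc", {Package("json-lib", "2.0.1")}, "team-payments")
    cat.define_application("storefront", ["auth-svc", "billing-svc"])
    cat.define_application("admin-portal", ["auth-svc"])
    cat.deploy("storefront", "prod-cluster-east")
    cat.deploy("admin-portal", "prod-cluster-west")
    return cat


if __name__ == "__main__":
    cat = build_sample_catalog()
    for hit in cat.vulnerability_search("example-lib", ["1.2.3"]):
        print(hit)
    # A fixed auth-svc release creates new storefront and admin-portal versions.
    cat.publish_component("auth-svc", {Package("example-lib", "1.2.4"), Package("http-lib", "4.0.0")}, "team-identity")
    print({name: app.version for name, app in cat.applications.items()})
```

Note that the search walks every Application version ever created, not only the latest one: after the fixed `auth-svc` release, the old `storefront v1` is still recorded as running on `prod-cluster-east`, so it still appears in the results until a newer version is deployed there. That is the distinction between “which Applications consume the package” and “where the vulnerability is actually running” that the page draws.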

Improved incident response:

DeployHub Pro makes it easy to find the owner of a Component and contact them through PagerDuty, HipChat, Discord, Slack, email or phone.

Integrates into your CD pipeline:

DeployHub Pro is automated via the CD Pipeline to continuously version your decoupled architecture with changes, including where they are deployed.

Domain-Driven-Design:

The DeployHub Pro Domain structure organizes the software supply chain to encourage reuse and sharing across development teams.

Ortelius Open Source - Free Version

DeployHub Pro is based on the Ortelius open source project, incubating at the Continuous Delivery Foundation. DeployHub provides a hosted version of Ortelius, or an on-premise installation. Ortelius is a free open source continuous vulnerability management system that integrates with your DevOps tools. It supports unlimited endpoints, versions, and users.

DeployHub Pro Upgrade from Ortelius Open Source

For the enterprise that needs more control over the software supply chain and more deployment features, DeployHub provides an upgrade that includes:

Security Groups

For additional security features and support, DeployHub Pro extends User and Group access controls with LDAP and more granular Domains and Subdomains.

Unique to DeployHub Pro are “Divisional Domains.” These Domains allow IT Teams to model how DeployHub Pro organizes data based on a Domain Driven Design (DDD). It also provides the ability to restrict read/write access to only certain Groups of Users.

DeployHub Pro Agentless Delivery

DeployHub Pro can help IT Teams who do not use a centralized solution for automating deployments. DeployHub Pro includes a deployment engine for pushing Components to Endpoints (Clusters, Cloud, etc.) using an agentless architecture. The deployment engine can support containers and any type of file object, including executables, jar files, Apex files, and Lambda functions.

This agentless technology works for both cloud native and legacy architectures including:

  • AWS, Google Compute, Azure
  • Cloud Foundry
  • Kubernetes, Docker
  • SalesForce
  • Windows 2008, Windows 2012
  • Solaris, HP-UX, AIX, Linux
  • Microsoft Azure
  • Ubuntu, Red Hat, SUSE, Debian
  • Tandem, Stratus, IBM iSeries, OpenVMS, Unisys, IBM 4690
  • z/OS
  • Jetty, Tomcat, WebSphere
  • Microsoft IIS, Microsoft SQL Server, Oracle
  • Request Routers and Appliances