Applications and Their Security Posture

Viewing the Application Security Posture.

Understanding Applications and Application Versions

Applications are a collection of Components that are released as a single software solution to end users. You define an Application by associating the Components it will consume. The first time you define an Application, it is referred to as the Application Base Version. When you change the Application Base Version, you create a new Application Version. Applications are assigned to Environments and Domains.

  • Application Base Version : Defines the software product in terms of Components, Attributes, and assigned Environments.

  • Application Version : This child of the Application Base Version represents changes and can be deployed just as an Application Base Version is. For instance, your Application Base Version may be called MyApp;1, subsequent versions would be automatically named MyApp;2, MyApp;3, etc.

Applications and their Components

Applications are defined by the Components they consume. As with Components, Applications have versions. When a new Component is published by the CI/CD workflow, DeployHub is called to automatically create a new Application Version. For more information on this topic, see Adding Your Components and Applications to DeployHub.

Adding New Application Versions Automatically via Continuous Delivery

Applications and new Application Versions can only be added via the CI/CD process. Configure a CI/CD workflow to automatically create new Application Versions each time a new Git commit triggers a new version of a Component that your Application consumes. DeployHub, called from the workflow, performs this continuous versioning of new Components and their consuming Applications. For more information, see Using DeployHub with CI/CD.

Viewing Applications

Use the Application List View, accessible from the left-hand Application menu option. This takes you to a list of the latest Application Versions to which you have access.

The list view is organized into the following columns:

  • Version : The Application Base Version or Application Version number.

  • Domain : The Domain to which the Application belongs.

  • Environment : The Environment to which the Application has been deployed. Each Environment is represented by a separate row in the List View table.

  • Deployment Log : The Deployment Log number.

  • Completed : The date and time of the last deployment to the listed Environment.

  • Results : Success or Fail.

You can also use the Filter bar, represented by a funnel icon, to reorder your Application List View by:

  • Domain
  • Environment
  • Last Deployment
  • Parent
  • Result
  • Version

Additional Tabs from the Application List View

The Application List View has the following Tabs:

  • Refresh : Refreshes the browser.

  • Delete : Deletes the selected item. Note that Applications must be deleted starting from the newest to the oldest; the Application Base Version is deleted last. Sorting by “Version” gives you the order.

  • Package Search : Allows for the search of a particular package across all Applications and Components. Use this feature to quickly find where a vulnerable package version is running.

  • Reports : Generate a Compliance Summary report, DORA deployment frequency, DORA lead time to change, or export a federated SBOM to meet government requirements such as EO 14028.

Viewing and Editing with the Application Dashboard

Double click on an Application Version to see the Dashboard view. The Dashboard view displays all information related to the latest Application Version selected from the List View. This view of the Application Version shows you the security posture including OpenSSF scorecard, Software Bill of Materials report, and real-time vulnerabilities. In addition, you can view how the Application Version is impacted by Components, or view the DevOps details.

The Dashboard view has two additional buttons: Versions and Compare.

Viewing all Application Versions

You can view a list of all Application Versions by selecting the “Versions” button displayed after the Application’s name at the top of the Dashboard.

Comparing Two Application Versions

You can compare your current Application Version with any other Application Version by selecting the Compare button. You will be provided a list from which to select the second Application Version for the comparison.

Security Posture Section

View the Application Version Software Bill of Materials report and real-time vulnerabilities.

Federated Software Bill of Materials Report

This section is a summary of the Application’s federated Software Bill of Materials (SBOM) report, showing all of the packages consumed by the ‘logical’ Application Version. An Application SBOM provides a detailed report of all Component SBOM data within the Application, with duplicates removed. When a Component is updated, DeployHub automatically generates a new version of all Applications that use that Component, along with a new aggregated SBOM.

Note: If you need to produce an Application Version SBOM for governance reporting or sharing, you can export the SBOM from the Application List View Reports menu option.

Vulnerabilities

Using the aggregated Software Bill of Materials, DeployHub cross-references all Component packages within the Application against known vulnerability databases such as OSV.dev. DeployHub will scan for new known vulnerabilities every 10 minutes, and update the dashboard.

Note: This list may be incomplete if one or more of your Package Components do not have an associated SBOM that can be used to gather vulnerability data.
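The following is an added example, not DeployHub’s own code, that models the three steps described in this section and in the Package Search tab above: merging per-Component SBOMs into one federated Application SBOM with duplicates removed, building the request body that the OSV.dev batch query endpoint (POST /v1/querybatch) expects, and searching the federated SBOM for a given package version. The Component names, the minimal CycloneDX-like SBOM shape, the “worker;2” Component without an SBOM, and the vulnerability identifier in the sample response are all constructed for illustration. Nothing is sent over the network; the OSV response is supplied inline so the example runs offline.

```python
from typing import Dict, List, Optional, Tuple

# Constructed sample data: per-Component SBOMs in a minimal CycloneDX-like shape.
# "worker;2" deliberately has no SBOM, which is the gap the note above warns about.
COMPONENT_SBOMS: Dict[str, Optional[dict]] = {
    "frontend;3": {"components": [
        {"name": "lodash", "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"},
        {"name": "express", "version": "4.18.2", "purl": "pkg:npm/express@4.18.2"},
    ]},
    "api;7": {"components": [
        {"name": "lodash", "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"},
        {"name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
    ]},
    "worker;2": None,  # Component published without an SBOM
}


def federate_sbom(component_sboms: Dict[str, Optional[dict]]) -> Tuple[Dict[str, dict], List[str]]:
    """Merge Component SBOMs into one Application SBOM keyed by purl (duplicates removed).

    Returns (packages, missing): packages maps purl -> {name, version, components}
    so each package still records which Components carry it; missing lists the
    Components that had no SBOM, so the caller can flag the report as incomplete.
    """
    packages: Dict[str, dict] = {}
    missing: List[str] = []
    for comp_name, sbom in component_sboms.items():
        if not sbom:
            missing.append(comp_name)
            continue
        for pkg in sbom.get("components", []):
            entry = packages.setdefault(
                pkg["purl"], {"name": pkg["name"], "version": pkg["version"], "components": []})
            entry["components"].append(comp_name)
    return packages, missing


def osv_querybatch_payload(packages: Dict[str, dict]) -> dict:
    """Build the body for OSV.dev's POST /v1/querybatch: one purl query per package.

    Queries are emitted in sorted purl order so results (which OSV returns
    positionally) can be matched back to packages deterministically.
    """
    return {"queries": [{"package": {"purl": purl}} for purl in sorted(packages)]}


def attach_vulns(packages: Dict[str, dict], payload: dict, response: dict) -> Dict[str, List[str]]:
    """Pair a querybatch response with its queries by position; return purl -> vuln ids."""
    findings: Dict[str, List[str]] = {}
    for query, result in zip(payload["queries"], response.get("results", [])):
        ids = [v["id"] for v in result.get("vulns", [])]
        if ids:
            findings[query["package"]["purl"]] = ids
    return findings


def find_package(packages: Dict[str, dict], name: str, version: Optional[str] = None) -> Dict[str, List[str]]:
    """Package Search: which Components carry this package (optionally a specific version)?"""
    hits: Dict[str, List[str]] = {}
    for purl, entry in packages.items():
        if entry["name"] == name and (version is None or entry["version"] == version):
            hits[purl] = sorted(entry["components"])
    return hits


# Constructed stand-in for an OSV querybatch response (the id is a placeholder, not a real advisory).
SAMPLE_OSV_RESPONSE = {"results": [
    {},                                   # express: nothing returned
    {"vulns": [{"id": "EXAMPLE-0001"}]},  # lodash
    {},                                   # requests: nothing returned
]}

if __name__ == "__main__":
    pkgs, no_sbom = federate_sbom(COMPONENT_SBOMS)
    print("packages:", len(pkgs), "components without SBOM:", no_sbom)
    payload = osv_querybatch_payload(pkgs)
    print("findings:", attach_vulns(pkgs, payload, SAMPLE_OSV_RESPONSE))
    print("where is lodash 4.17.20:", find_package(pkgs, "lodash", "4.17.20"))
```

The `missing` list is the important defensive detail: a federated SBOM that silently drops Components without SBOMs looks complete while it is not, so any report built from it should carry that list alongside the findings.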

Impact Assessment

Track the Component Versions that the Application Version is dependent upon. This view gives you a list of the Components that the Application requires. In addition, this view provides links to the selected Component Version, and deployed locations of the Component.

Application DevOps Details

Below are the Details for an Application:

  • Full Domain : The fully qualified path of the Domain that the Application is associated with, showing all parent Domains.

  • Name : The Name of your Application.

  • Description : A short description of your software system.

  • Change Request DataSource : Establishes the Change Request system for the Application. A Change Request Data Source must be pre-defined for this field to be used.

  • Pre-Action : An action executed prior to the deployment.

  • Post-Action : An action executed at the completion of the deployment.

  • Custom Action : Overrides any Pre or Post Actions, for example to call an external solution such as Helm.

  • Successful Deployment Template : Used for success notifications.

  • Failed Deployment Template : Used for failure notifications.

  • Log History : Applications can be deployed many times, to the same or different locations (Environments). The Log History shows every deployment, listed by “Result” and “Date”.

  • Key Value Configuration : This list shows the key values used as part of the Application Version deployment. This data can be added manually or updated via the CI/CD process.

Key Value Configurations

Key Value pairs are stored for any configuration setting that needs to be persisted with the version of the Object. For example, pairs can be used to store issue numbers from Jira or GitHub issues with the Component Version and/or Applications Version.

For users of the DeployHub internal deployment engine, Key Value pairs can be stored by DeployHub and referenced during a deployment.

Key Value pairs can be assigned at multiple levels, from the Global Domain down to an individual Component, and have a “scope.” Lower-level Objects can override a higher-level Object. Below is the order in which Key Value Pairs can be overridden:

  • Global : Contains all Environment variables and any “additional Key Value Pairs” set by the user when running that task.

  • Environment : Overrides any Global Key Value Pairs during a deployment.

  • Application : Overrides the Environment Key Value Pairs during a deployment.

  • Endpoint : Overrides the Application Key Value Pairs during a deployment.

  • Component : Overrides the Application Key Value Pairs during a deployment.

Key Value Pairs can be given any Name and a Value. Use +Add to add Key Value Pairs to the table. Use Save to confirm. Use the checkbox to Delete or Edit a Key Value Pair.
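As an added illustration of the override order above (this is example code, not DeployHub’s deployment engine), the resolver below walks the scopes from Global to Component, so a key set at a lower level replaces the same key set higher up, and records which scope supplied the winning value. It also lists every key that was shadowed, which is the report a reviewer wants when checking that a Component-level pair has not quietly overridden a security-relevant setting from the Environment. The scope names come from the table; the assumption that Component takes precedence over Endpoint (the page lists both as overriding Application) and all sample keys and values are constructed for this example.

```python
from typing import Dict, List, Tuple

# Scopes from lowest to highest precedence, as listed on the page.
# Assumption for this example: Component, listed last, wins over Endpoint.
SCOPE_ORDER = ["Global", "Environment", "Application", "Endpoint", "Component"]

# Constructed sample: Global would normally also carry the process environment
# variables; here only a few illustrative pairs are set at each level.
SAMPLE_SCOPES: Dict[str, Dict[str, str]] = {
    "Global": {"LOG_LEVEL": "info", "DB_HOST": "db.internal"},
    "Environment": {"LOG_LEVEL": "debug", "TLS_VERIFY": "true"},
    "Application": {"JIRA_ISSUE": "PROJ-123"},
    "Component": {"LOG_LEVEL": "warn"},
}


def resolve_key_values(scoped: Dict[str, Dict[str, str]]) -> Dict[str, Tuple[str, str]]:
    """Apply the override order and return key -> (effective value, scope that set it).

    Unknown scope names are rejected rather than silently ignored, so a typo in a
    scope name cannot make a whole level of configuration disappear.
    """
    unknown = set(scoped) - set(SCOPE_ORDER)
    if unknown:
        raise ValueError(f"unknown scope(s): {sorted(unknown)}")
    resolved: Dict[str, Tuple[str, str]] = {}
    for scope in SCOPE_ORDER:  # later (lower-level) scopes overwrite earlier ones
        for key, value in scoped.get(scope, {}).items():
            resolved[key] = (value, scope)
    return resolved


def overridden_keys(scoped: Dict[str, Dict[str, str]]) -> Dict[str, List[Tuple[str, str]]]:
    """Return key -> [(shadowed value, scope), ...] for every key defined at more than one level.

    The effective value is not included; only the values that lost to a lower-level override.
    """
    seen: Dict[str, List[Tuple[str, str]]] = {}
    for scope in SCOPE_ORDER:
        for key, value in scoped.get(scope, {}).items():
            seen.setdefault(key, []).append((value, scope))
    # Everything except the last (winning) entry was overridden.
    return {key: entries[:-1] for key, entries in seen.items() if len(entries) > 1}


if __name__ == "__main__":
    for key, (value, scope) in sorted(resolve_key_values(SAMPLE_SCOPES).items()):
        print(f"{key}={value}  (from {scope})")
    print("shadowed:", overridden_keys(SAMPLE_SCOPES))
```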

Audit Trail

The Audit Trail displays audit entries for any changes that impact this Object.

  • Comment: Click on ‘Comment’ to add information. There is a field above the list labeled “Say something about this Object” that can have written comments placed into it, or files can be attached to the comment. Entering text into this field activates the Add Message button. Click to save the comment as a line in the list.

  • Add Files to Comments: Click on the paperclip icon to add a file to the message. Once done, click on the “Add Message” button. These attachments can later be retrieved by clicking on the paperclip icon, which displays the name of the file within a list. Choose the file to download it into your default Download directory on your local computer.

Deployment Audits

For deployment audits, select a deployment number to see the details, including:

  • Log : The output of the deployment.

  • Files : Any files or objects deployed.

  • Step Duration : Deployment Steps with the time required to execute each.

  • Feedback Loop : Shows what was updated, starting from the Component.

When using the internal DeployHub deployment engine, all log output is automatically persisted with the Application Version and Component Version.

If you are using another deployment solution, you can persist the log via the CI/CD workflow. The output from the deployment can be passed to the CLI to be persisted with the Application Version and Component Versions. Learn more about the CI/CD CLI Integration.

Access

Users within designated Groups can update or view the Application. To add a Group to one of the access lists, drag and drop the Group from the Available Groups list onto the desired access list. All Users who belong to a Group within an Access list are granted that access to the Application:

  • View : Any User in any Group within this list can see the selected Application in the List View.

  • Change : Any User in any Group within this list can make changes to the Application.

  • Deploy : Any User in any Group within this list can deploy the Application. Restrictions are based on the Access defined at the Environment level.