With the Projects Management feature, you can create different types of projects and centralize the results of security analyses, such as code review, SAST, DAST, penetration testing, and requirement validation (Threat Modeling), in one place.
On the left menu, click on "Projects" to access the centralized dashboard of all your projects.
On the right panel, select the project you want to manage, or create a new one by clicking the “+ New Project” option.
On the screen, you will find an overview of the status of your projects.
Estimated: indicates that the project has not yet started, but is planned for the near future.
Running: indicates that the project is in progress.
Fixing: indicates that security vulnerabilities have been identified and the responsible team is working to fix them.
Done: indicates that the project has been completed and the security team considers that the vulnerabilities have been adequately identified and/or corrected.
Paused: indicates that the project has been temporarily suspended. This may be due to a change in priority, lack of resources, or any other reason.
Details and Properties
After selecting a project, the default “Details” screen will be displayed. You can review the project's properties here or edit them by clicking on the “Edit” icon on the left.
On the screen, you will find information about the vulnerabilities identified in this specific project based on their status:
Unpublished: indicates that the vulnerability was identified by a security analyst and has not yet been published by the project analysis.
Identified: indicates that the vulnerability has been identified and recorded in the vulnerability management system.
Risk Accepted: indicates that the security team has evaluated the vulnerability and decided that the risk is acceptable.
In progress: indicates that the responsible team is actively working on fixing the vulnerability.
Fix refused: indicates that the security team refused to fix the vulnerability.
Fix accepted: indicates that the security team accepted the fix proposed by the development team.
This menu presents some sections that help to understand the situation and progression of the project, but may differ depending on the type of product or service contracted.
Track the entire timeline through the project's "Timeline." The history contains a complete record of each action taken on the project.
In "Access," it is possible to manage access by project, allowing the project manager or responsible party to invite new users to access it. For more information, consult the following guide.
If you need to share user access or support documents for a specific system, we recommend using Conviso Platform's "Resources," where you can register credentials and files as attachments. For more information, consult the following guide.
In "Findings," it is possible to view security issues and potential vulnerabilities identified during a security analysis of the project in question.
This section refers to the code deployment process after the security analysis and possibly some changes made to it.
After the analysis, once the changes are committed, a deploy is generated, which compares the code before and after the analysis.
This allows for the visualization of differences (diffs) between code versions and provides evidence of the changes made.
"Report" is used to insert custom content into technical reports. It lets users extract the results of a project executed on the platform.
The purpose of the technical report is to document everything that occurred during the project, identify any security risks that were detected, and include project information provided by the security analyst.
In "Requirements," it is possible to create an action plan based on the tasks that need to be performed.
They are grouped by status according to their current situation: not started, in progress, and completed.
If you have any questions or need help using our product, please don't hesitate to contact our support team.