Using Security & Compliance

Viewing the Dashboard

The Security & Compliance Dashboard provides an overview of the security of the ActivePython applications in use in your organization. It displays summary information for your organization:

  • Warnings: A color-coded list of component warnings (high=red, medium=yellow, low=green)
  • Identities: A list of identities being tracked for your organization. Identities with the most recent activity are listed first.
  • Components: An alphabetical list of the components identified for your organization.
  • Recent activity: A list of all recent actions that have occurred (e.g. session start, session end, scan submitted, scan returned, new vulnerability identified).

Viewing Warning details

You can view all of the current warnings identified for your organization. A warning is generated for each software package where one or more vulnerabilities are identified. Vulnerabilities are identified by matching the particular version of the software package with known vulnerabilities listed in the Common Vulnerabilities and Exposures (CVE) List.

Warnings are categorized by the severity of the vulnerability:

  • High
  • Medium
  • Low

  1. Open your web browser and navigate to http://platform.activestate.com and sign in.
  2. In the Your Organizations list, select the organization to view Security & Compliance information for.
  3. Click the Security & Compliance tab.
  4. Click the Warnings link in the navigation bar.
  5. Review the information listed for the warnings. Each warning includes the following information:
    • Component: The name and version of the software package identified as containing a vulnerability. You can click on the software package link to view additional information about the package including the package homepage, the latest version and its release date, and a list of identities that use the vulnerable package.
    • Identity: The name of the Security & Compliance identity (the instance of the interpreter running the ActiveState Platform Plugin) that the vulnerable software package is running on.
    • Issue: The CVE identifier associated with the vulnerability. The CVE identifier is a unique, common identifier for a publicly known information-security vulnerability in a publicly available software package.
    • Identified on: The date the vulnerability was first identified by a Security & Compliance scan of the software package.
    • Description: The description for the CVE entry, which provides details about the vulnerability.
  6. In general, you need to update the component to the latest version, or at least a version where the specific vulnerability is fixed, to resolve the warning.
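
The version matching described above, and the "version where the specific vulnerability is fixed" from step 6, as an added example (not ActiveState's code): it matches a component inventory against advisory records with affected version ranges and works out the lowest release that clears every applicable advisory. The package names, identities, CVE placeholders and the introduced/fixed range format are assumptions, and versions are assumed to be purely numeric and dotted.

```python
# Added illustration, not ActiveState's implementation. Package names,
# identities and CVE identifiers are constructed placeholders.
from collections import namedtuple

Advisory = namedtuple("Advisory", "issue package introduced fixed severity")

ADVISORIES = [  # constructed sample data; fixed=None means no fixed release
    Advisory("CVE-XXXX-0001", "examplelib", "1.0", "1.4.2", "high"),
    Advisory("CVE-XXXX-0002", "examplelib", "1.4", "1.5.1", "medium"),
    Advisory("CVE-XXXX-0003", "otherlib", "2.0", None, "low"),
]
INVENTORY = [  # (identity, package, version), constructed
    ("build-server", "examplelib", "1.3.0"),
    ("laptop-01", "examplelib", "1.5.1"),
    ("build-server", "otherlib", "2.2"),
]
RANK = {"high": 0, "medium": 1, "low": 2}

def parse_version(text, width=4):
    """'1.4' -> (1, 4, 0, 0); assumes purely numeric dotted versions."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def affecting(package, version, advisories):
    """Advisories whose range introduced <= version < fixed covers this version."""
    v = parse_version(version)
    return [a for a in advisories
            if a.package == package and parse_version(a.introduced) <= v
            and (a.fixed is None or v < parse_version(a.fixed))]

def find_warnings(inventory, advisories):
    """One warning per identity/component/issue match, most severe first."""
    found = [{"component": f"{pkg} {ver}", "identity": ident,
              "issue": a.issue, "severity": a.severity}
             for ident, pkg, ver in inventory
             for a in affecting(pkg, ver, advisories)]
    return sorted(found, key=lambda w: (RANK[w["severity"]], w["component"]))

def minimum_safe_version(package, version, advisories):
    """Follow fixes until no advisory affects the result; None if one has no fix."""
    candidate = version
    while True:
        hits = affecting(package, candidate, advisories)
        if not hits:
            return candidate
        if any(a.fixed is None for a in hits):
            return None
        # Jump to the highest fix, then re-check: that release may itself
        # fall inside another advisory's affected range.
        candidate = max((a.fixed for a in hits), key=parse_version)
```

With the sample data, updating examplelib 1.3.0 only to 1.4.2 would clear the high warning but raise a medium one, which is why the fix version is re-checked.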

Viewing Identity details

Use the Identities page to view detailed information about individual identities in your organization. This page provides a quick way to see where vulnerabilities have been identified, and find out more information.

  1. Open your web browser and navigate to http://platform.activestate.com and sign in.
  2. Click the Security & Compliance tab.
  3. Click the Identities link in the navigation bar.
  4. An identities table is displayed listing detailed information for each identity:
    • Identity: The identity name and the unique identifier for the identity.
    • Sessions: Lists active/inactive sessions, and the date and time for the most recent active session.
    • Recent session: The date and time of the most recent session.
    • Warnings: The number of high, medium, and low warnings identified.
    • Recent scan: The date and time of the most recent scan.
    • Components recognized: The number of components (packages or modules) successfully identified by the scan, followed by the total number of components scanned.
  5. Click on the Identity name in the first column to view more details for an individual identity, such as the list of components and details for any warning associated with the identity.

Viewing Component details

When a component (a Python module or package) is scanned by Security & Compliance under any identity, it is added to the Components page. If vulnerabilities are identified, it is added to the “With Warnings” section; otherwise, it is added to the “Without Warnings” section.

The With Warnings section lists the component name and version, and the number of high, medium, and low vulnerabilities identified for the component. You can click the component name to view detailed information about the component, such as the latest version and where to find it, the details for the warning, and the identities the component has been found in.

  1. Open your web browser and navigate to https://platform.activestate.com and sign in.
  2. Click the Security & Compliance tab.
  3. Click the Components link in the navigation bar.
  4. Review the components listed on the page, and click the component name to view details for any individual component.