Asset Management¶
The Asset Management page provides a comprehensive interface to view and manage your asset relationships and data, allowing you to manage data for archived repositories, define and manage monorepository structures, and clean up residual findings for scanning technologies you may have removed or replaced.
Orphaned Assets & Finding¶
An Orphaned Asset is any asset previously connected to a 3rd party system but is no longer visible to Boost due to removal or permission changes. Boost retains the data by default in case of temporary issues, but users can permanently clean up the data if the asset is confirmed to be gone using the Asset Management page.
An Orphaned Finding is any finding associated with an asset originating from a scanner that is no longer provisioned against that asset. In other words, a finding that can never be automatically closed due to resolution because the source of the finding’s detection is no longer able to report information to Boost.
Asset Management Grouping¶
All assets can be grouped by their Organization or the Scanner that has contributed data to the asset. The primary benefit of Organization grouping is that it enables users to define monorepository assets and efficiently identify and remove orphaned assets within Boost, while the primary benefit of Scanner grouping is that it allows the user to clean up any orphaned findings within Boost.
Group By Organization¶
Grouping by Organization allows users to organize assets based on their associated organizations, making it easier to manage monorepository structures and address orphaned assets. This approach provides a clear view of assets within each organization, enabling efficient cleanup and streamlined asset management within Boost.
Group By Scanner¶
Grouping by Scanner allows users to organize assets based on the scanning technologies that contributed data to them. This approach helps users efficiently manage and clean up orphaned findings associated with scanners that are no longer in use, ensuring a more streamlined and accurate asset management process within Boost.
Asset Management Filters¶
To refine your view and manage orphaned assets more effectively, the asset management page offers advanced filtering options:
- Orphaned Data: Filter assets based on the resources they are associated with.
- Mono Repositories: Filter assets to display those within or outside mono repositories, simplifying the management of large, consolidated codebases.
- Provider: Filter assets by the source code management providers, such as GitLab, BitBucket, AWS Code Commit, etc., enabling focused management based on the source of your repositories.
- Asset Type: Filter results based on asset type, i.e., Container Image, Repositories, Kubernetes.
- AI Components: Filter assets that include AI-related components, such as machine learning models, AI-driven tools, or frameworks like TensorFlow or PyTorch.
- Filter By Attributes: Filter assets based on specific attributes, i.e., assets containing specific technologies like HTML, JavaScript, or Python.
- Code Framework: Filter assets by frameworks used in the codebase, such as Django, Express, or NestJS.
- Manual Tag: Filter assests by custom tags assigned to resources such as repositories and organizations.
- 3rd Party SaaS Products: Filter assets linked to external SaaS products, such as AWS, Azure DevOps, GCP, or Slack.
- Exposes API: Filter assets that expose APIs, enabling users to focus on API-related resources.
- Personal Information: Filter assets containing sensitive personal information, such as financial data, medical records, or personal identifiers.
These filters ensure you can efficiently navigate and manage your assets, keeping your security posture robust and up-to-date.
Archive Assets¶
The Asset Archiving feature gives users flexible control over which repositories are considered active in security posture reporting. This feature helps streamline security tracking by allowing you to exclude irrelevant or inactive assets from your security coverage metrics.
If an asset is archived, all previous scan data, triage history, and configuration details will be permanently removed.
Key Capabilities¶
Boost’s Asset Archiving feature provides two archiving methods:
- Manual Archiving: Directly archive repositories within Boost’s interface, regardless of their status in the source control system.
- Automatic Archiving via Source Control: Boost automatically respects the archived status of repositories from supported Source Code Management (SCM) systems, including GitHub, GitLab, and Azure DevOps (ADO). When a repository is archived in the SCM, it is automatically excluded from Boost’s active posture reporting.
How to Archive Assets in Boost¶
Manual Archiving¶
- On the Asset Management page, select the repositories you wish to archive by checking the corresponding boxes.
-
Click the Actions dropdown in the upper right corner of the page.
-
Select Archive to remove the selected repositories from active security posture tracking. Be sure you mean to archive the asset per the warning!
Any assets that are archived will lose all associated data including findings and violations, triage work such as suppressions, verified and overrides, associated tickets, and any assigned policies and scanners.
-
Once the asset is successfully archived, it will be listed under the Archived visualization filter tab on the Asset Management page.
Archiving via Source Control¶
If a repository is archived within GitHub, GitLab, or Azure DevOps, Boost will automatically detect this status change and archive the repository accordingly. This ensures that inactive assets in your SCM do not contribute to your security posture metrics in Boost.
Unarchiving Assets¶
Only manually archived assets can be unarchived within Boost and such assets only have default coverage and will create all new findings based on the current new scan results. Assets archived via source control cannot be unarchived directly in Boost. To reinstate these repositories, update their status in the SCM.
Important
Once an asset is unarchived (either from the SCM or directly within Boost), it will behave as a newly discovered asset. Only the default scanners will be provisioned, and the asset will inherit policies from its parent. Findings will be generated based on the asset’s current state, with no retention of data or history from its pre-archived state.
To unarchive an asset:
- Navigate to the Visualization tab and click the Archived filter to display archived assets.
- Select the asset you wish to unarchive and click the Actions button in the top-right corner.
- From the dropdown menu, select Unarchive.
- Upon successful completion, a confirmation message will appear indicating that the asset has been unarchived.
Visualizing Archived Assets¶
Archived assets are separated from active assets and can be easily tracked using the Archived filter visualization tab on the Asset Management page. This provides clear visibility into both your current security landscape and your excluded repositories.
Export Assets¶
This functionality allows users to easily export detailed information about all assets within their environment into a CSV file.
Key Benefits¶
- Comprehensive Data Export: Export detailed asset information, including organization name, repository type, repository attributes, and more, in a structured CSV format.
- Enhanced Data Management: With the exported CSV file, users can easily filter, sort, and analyze asset data using tools like Excel or Google Sheets.
- Quick Access: The export feature is readily accessible via the Export button on the Asset Management page.
How to Use the Export Feature¶
- Navigate to the Asset Management page.
-
Click on the Export button located at the top-right corner of the page.
-
The CSV file will be generated and downloaded, containing all relevant asset details.
Manual Tags¶
Manual Tags allow you to categorize and group related resources such as repositories and organizations, based on custom-defined labels. These tags improve visibility, prioritization, and filtering across the platform, especially in the dashboard and findings pages.
Examples of common tags include:
critical
— for infrastructure-critical repositories.outsourced
— for third-party maintained assets.non-prod
— to differentiate staging or development environments.
These names are all custom and not standard. Once created and assigned, Manual Tags become accessible across Boost’s filtering tools to streamline audits, reporting, and triage.
Some Important Use Cases¶
- Prioritize critical infrastructure by filtering security findings from assets tagged
critical
. - Track outsourced codebases to apply different risk review policies.
- Segment dashboards based on business unit or environment (
marketing
,non-prod
, etc.). - Support governance efforts by grouping
legacy
,shadow
, or manually maintained repositories.
Creating Manual Tags¶
Follow the steps below to create a manual tag:
- Navigate to the Asset Management page.
-
Click the Actions dropdown in the upper right corner of the page and select Manage Manual Tags.
-
In the pop-up modal, type your desired tag name (max 25 characters), and click the Add button.
Note
⚠️ Tags must be unique. Use consistent naming conventions (e.g., critical, non-prod, 3rd-party).
Assigning Tags to Resources¶
Once created, you can assign Manual Tags to one or more repositories:
- Select one or more repositories from the Asset Management page.
-
Click the Actions button and choose Assign Manual Tags.
-
In the modal, check the boxes next to the tags you want to apply and click Update to finalize.
Note
You can assign multiple tags to a single resource.
Deleting Manual Tags¶
To delete a tag:
-
Click the Actions dropdown in the upper right corner of the page and select Manage Manual Tags.
-
Click the trash icon next to the tag you want to remove.
-
Based on whether the tag is currently in use, one of the following confirmation prompts will appear:
-
Unassigned Tag: If the tag is not associated with any assets, a simple confirmation dialog will appear. Click the Delete Manual Tag button to confirm the removal of the tag.
-
Assigned Tag: If the tag is currently applied to one or more resources, a warning dialog will notify you: "🚫Deleting a tag will remove it from all associated resources. This action cannot be undone." Review the impact carefully, then click Delete Manual Tag button to confirm and proceed with deletion.
-