Asset Management
The Asset Management page provides a comprehensive interface to view and manage your asset relationships and data, allowing you to manage data for archived repositories, define and manage monorepository structures, and clean up residual findings for scanning technologies you may have removed or replaced.
Orphaned Assets & Findings
An Orphaned Asset is any asset that was previously connected to a 3rd party system but is no longer visible to Boost due to removal or permission changes. Boost retains the data by default in case of temporary issues, but users can permanently clean up the data using the Asset Management page if the asset is confirmed to be gone.
An Orphaned Finding is any finding associated with an asset that originates from a scanner no longer provisioned against that asset. In other words, it is a finding that can never be automatically closed due to resolution, because the source of the finding's detection is no longer able to report information to Boost.
Asset Management Grouping
All assets can be grouped by their Organization or the Scanner that has contributed data to the asset. The primary benefit of Organization grouping is that it enables users to define monorepository assets and efficiently identify and remove orphaned assets within Boost, while the primary benefit of Scanner grouping is that it allows the user to clean up any orphaned findings within Boost.
Group By Organization
Grouping by Organization allows users to organize assets based on their associated organizations, making it easier to manage monorepository structures and address orphaned assets. This approach provides a clear view of assets within each organization, enabling efficient cleanup and streamlined asset management within Boost.
Group By Scanner
Grouping by Scanner allows users to organize assets based on the scanning technologies that contributed data to them. This approach helps users efficiently manage and clean up orphaned findings associated with scanners that are no longer in use, ensuring a more streamlined and accurate asset management process within Boost.
Asset Management Filters
To refine your view and manage orphaned assets more effectively, the asset management page offers advanced filtering options:
- Orphaned Data: Filter assets based on the resources they are associated with.
- Mono Repositories: Filter assets to display those within or outside mono repositories, simplifying the management of large, consolidated codebases.
- Provider: Filter assets by source code management provider, such as GitLab, Bitbucket, AWS CodeCommit, etc., enabling focused management based on the source of your repositories.
- Asset Type: Filter results based on asset type, i.e., Container Image, Repositories, Kubernetes.
- AI Components: Filter assets that include AI-related components, such as machine learning models, AI-driven tools, or frameworks like TensorFlow or PyTorch.
- Filter By Attributes: Filter assets based on specific attributes, for example assets containing specific technologies like HTML, JavaScript, or Python.
- Code Framework: Filter assets by frameworks used in the codebase, such as Django, Express, or NestJS.
- 3rd Party SaaS Products: Filter assets linked to external SaaS products, such as AWS, Azure DevOps, GCP, or Slack.
- Exposes API: Filter assets that expose APIs, enabling users to focus on API-related resources.
- Personal Information: Filter assets containing sensitive personal information, such as financial data, medical records, or personal identifiers.
These filters ensure you can efficiently navigate and manage your assets, keeping your security posture robust and up-to-date.
Archive Assets
The Asset Archiving feature gives users flexible control over which repositories are considered active in security posture reporting. This feature helps streamline security tracking by allowing you to exclude irrelevant or inactive assets from your security coverage metrics.
If an asset is archived, all previous scan data, triage history, and configuration details will be permanently removed.
Key Capabilities
Boost’s Asset Archiving feature provides two archiving methods:
- Manual Archiving: Directly archive repositories within Boost’s interface, regardless of their status in the source control system.
- Automatic Archiving via Source Control: Boost automatically respects the archived status of repositories from supported Source Code Management (SCM) systems, including GitHub, GitLab, and Azure DevOps (ADO). When a repository is archived in the SCM, it is automatically excluded from Boost’s active posture reporting.
How to Archive Assets in Boost
Manual Archiving
- On the Asset Management page, select the repositories you wish to archive by checking the corresponding boxes.
- Click the Actions dropdown in the upper right corner of the page.
- Select Archive to remove the selected repositories from active security posture tracking. Confirm that you intend to archive the asset, as the warning states:
  Any assets that are archived will lose all associated data including findings and violations, triage work such as suppressions, verified and overrides, associated tickets, and any assigned policies and scanners.
- Once the asset is successfully archived, it will be listed under the Archived visualization filter tab on the Asset Management page.
Archiving via Source Control
If a repository is archived within GitHub, GitLab, or Azure DevOps, Boost will automatically detect this status change and archive the repository accordingly. This ensures that inactive assets in your SCM do not contribute to your security posture metrics in Boost.
Unarchiving Assets
Only manually archived assets can be unarchived within Boost. Such assets have only default coverage, and all findings are created anew based on the current scan results. Assets archived via source control cannot be unarchived directly in Boost. To reinstate these repositories, update their status in the SCM.
Important
Once an asset is unarchived (either from the SCM or directly within Boost), it will behave as a newly discovered asset. Only the default scanners will be provisioned, and the asset will inherit policies from its parent. Findings will be generated based on the asset’s current state, with no retention of data or history from its pre-archived state.
To unarchive an asset:
- Navigate to the Visualization tab and click the Archived filter to display archived assets.
- Select the asset you wish to unarchive and click the Actions button in the top-right corner.
- From the dropdown menu, select Unarchive.
- Upon successful completion, a confirmation message will appear indicating that the asset has been unarchived.
Visualizing Archived Assets
Archived assets are separated from active assets and can be easily tracked using the Archived filter visualization tab on the Asset Management page. This provides clear visibility into both your current security landscape and your excluded repositories.
Export Assets
This functionality allows users to easily export detailed information about all assets within their environment into a CSV file.
Key Benefits
- Comprehensive Data Export: Export detailed asset information, including organization name, repository type, repository attributes, and more, in a structured CSV format.
- Enhanced Data Management: With the exported CSV file, users can easily filter, sort, and analyze asset data using tools like Excel or Google Sheets.
- Quick Access: The export feature is readily accessible via the Export button on the Asset Management page.
How to Use the Export Feature
- Navigate to the Asset Management page.
- Click on the Export button located at the top-right corner of the page.
- The CSV file will be generated and downloaded, containing all relevant asset details.