|
2 | 2 |
|
3 | 3 | This topic provides an overview of the Replicated Security Center. |
4 | 4 |
|
| 5 | +:::note |
| 6 | +The Security Center is Alpha. To access the Security Center, a feature flag must be enabled for your team. See [Limitations](/vendor/security-center-about#limitations) below. |
| 7 | +::: |
| 8 | + |
5 | 9 | ## Overview |
6 | 10 |
|
7 | | -The Security Center helps Vendors strengthen security enablement within their application delivery process by providing a method for both Vendors and their Enterprise customers to monitor security risks, assess known vulnerabilities, and provide security information and compliance reports for each application release. The Security Center is powered by the underlying technology of Replicated’s [SecureBuild](https://securebuild.com/) product. |
| 11 | +The Security Center helps you strengthen security enablement in your application delivery process by making it easier for both you and your enterprise customers to monitor security risks, assess known vulnerabilities, and view security information for each application release. |
| 12 | + |
| 13 | +The Security Center is powered by Replicated’s [SecureBuild](https://securebuild.com/) product. |
8 | 14 |
|
9 | | -There are two primary interfaces of the Security Center: |
10 | | -* Vendor facing dashboard within your Vendor Portal team account |
11 | | -* End-customer facing dashboard within Enterprise Portal (optionally enabled per customer license) |
| 15 | +## Limitations |
| 16 | +* The Security Center is Alpha. The features and functionality of the Security Center are subject to change. |
| 17 | +* Access to the Security Center Alpha requires a feature flag be turned on for your team. For more information, reach out to your Replicated account representative. |
| 18 | +* Security Center reporting is available only for Embedded Cluster and Helm CLI installations. It is not available for kURL installations or for KOTS installations in an existing cluster. |
12 | 19 |
|
13 | | -To access the Security Center (Alpha) a feature flag must be enabled for your team. See [Limitations](/vendor/security-center-about#limitations). |
| 20 | +## Security Center Interfaces |
14 | 21 |
|
15 | | -## Vendor Portal |
| 22 | +The Security Center is accessible through the following interfaces: |
| 23 | +* Vendor-facing dashboard available in the Replicated Vendor Portal. See [Vendor Portal](#vendor-portal) below. |
| 24 | +* Enterprise customer-facing dashboard available in the Replicated Enterprise Portal (optionally enabled per customer license). See [Enterprise Portal](#enterprise-portal) below. |
16 | 25 |
|
17 | | -The Security Center helps Vendors be more security aware by: |
18 | | -* Identifying known vulnerable container images |
19 | | -* Providing CVE details |
20 | | -* And more |
| 26 | +### Vendor Portal |
21 | 27 |
|
22 | | -If the feature flag is enabled for your team, the Security Center tab will be available in the left-hand navigation in Vendor Portal. |
| 28 | +The Vendor Portal Security Center gives you access to the following key security insights for your releases: |
| 29 | +* Known vulnerabilities in container images |
| 30 | +* CVE details |
| 31 | +* A summary of top secuirty risks based on the assessed severity of the vulnerability |
23 | 32 |
|
24 | | -The following shows an example of the vendor-facing Security Center dashboard within Vendor Portal: |
| 33 | +The following shows an example of the vendor-facing Security Center dashboard in the Vendor Portal: |
25 | 34 |
|
26 | 35 |  |
27 | 36 |
|
28 | 37 | [View a larger version of this image](/images/security-center-dashboard.png) |
29 | 38 |
|
30 | | -## Enterprise Portal |
| 39 | +### Enterprise Portal |
31 | 40 |
|
32 | | -The Enterprise Portal Security Center allows you to provide security information alongside your application release, such as: |
33 | | -* Report of currently known CVEs for available application release versions |
34 | | -* Downloadable SBOM (Software Bill of Materials) |
35 | | -* And more |
| 41 | +The Enterprise Portal Security Center allows you to provide key security information to your enterprise customers alongside your application releases. |
36 | 42 |
|
37 | | -If you wish to enable the Security Center tab in a given customer’s Enterprise Portal experience, you must enable it at the per-customer license level under Customers -> Enterprise Portal access. The feature flag must be enabled for your team to see this option. |
| 43 | +On the **Security Center** tab of the Enterprise Portal, for each available release version, customers can: |
| 44 | +* View a detailed report of known CVEs |
| 45 | +* Download the Software Bill of Materials (SBOM) |
38 | 46 |
|
39 | | -The following shows an example of the end-customer-facing Security Center dashboard within the Enterprise Portal: |
| 47 | +The following shows an example of the Security Center dashboard in the Enterprise Portal: |
40 | 48 |
|
41 | 49 |  |
42 | 50 |
|
43 | 51 | [View a larger version of this image](/images/ep-security-center-dashboard.png) |
44 | 52 |
|
45 | | -## Limitations |
46 | | -* The Security Center is Alpha. The features and functionality of the Security Center are subject to change. |
47 | | -* Access to the Security Center Alpha requires a feature flag be turned on for your team account. Please reach out to your Account Representative for more information. |
48 | | -* Security Center reporting is available only for Embedded Clsuter and Helm installations. |
| 53 | +#### Enable the Enterprise Portal Security Center |
49 | 54 |
|
| 55 | +The **Security Center** tab in the Enterprise Portal is not enabled by default. If the Security Center feature flag is enabled for your Vendor Portal team, you can optionally enable the Enterprise Portal **Security Center** tab on a per-customer basis. |
50 | 56 |
|
| 57 | +To enable the **Security Center** tab in a customer's Enterprise Portal, go to **Customers > [Customer] > Enterprise Portal access**. |
0 commit comments