About the Security Center (Alpha)

This topic provides an overview of the Replicated Security Center.

note

The Security Center is Alpha. To access the Security Center, a feature flag must be enabled for your team. See Limitations below.

Overview

The Security Center helps you strengthen security enablement in your application delivery process by making it easier for both you and your enterprise customers to monitor security risks, assess known vulnerabilities, and view security information for each application release.

The Security Center is powered by Replicated’s SecureBuild product.

Limitations

• The Security Center is Alpha. The features and functionality of the Security Center are subject to change.
• Access to the Security Center Alpha requires a feature flag be turned on for your team. For more information, reach out to your Replicated account representative.
• Security Center reporting is available only for Embedded Cluster and Helm CLI installations. It is not available for kURL installations or for KOTS installations in an existing cluster.

Security Center Interfaces

The Security Center is accessible through the following interfaces:

• Vendor-facing dashboard available in the Replicated Vendor Portal. See Vendor Portal below.
• Enterprise customer-facing dashboard available in the Replicated Enterprise Portal (optionally enabled per customer license). See Enterprise Portal below.

Vendor Portal

The Vendor Portal Security Center gives you access to the following key security insights for your releases:

• Known vulnerabilities in container images
• CVE details
• A summary of top secuirty risks based on the assessed severity of the vulnerability

The following shows an example of the vendor-facing Security Center dashboard in the Vendor Portal:

View a larger version of this image

Enterprise Portal

The Enterprise Portal Security Center allows you to provide key security information to your enterprise customers alongside your application releases.

On the Security Center tab of the Enterprise Portal, for each available release version, customers can:

• View a detailed report of known CVEs
• Download the Software Bill of Materials (SBOM)

The following shows an example of the Security Center dashboard in the Enterprise Portal:

View a larger version of this image

Enable the Enterprise Portal Security Center

The Security Center tab in the Enterprise Portal is not enabled by default. If the Security Center feature flag is enabled for your Vendor Portal team, you can optionally enable the Enterprise Portal Security Center tab on a per-customer basis.

To enable the Security Center tab in a customer's Enterprise Portal, go to Customers > [Customer] > Enterprise Portal access.