Security considerations for Engineering Insights

Learn about the security considerations in the IBM Engineering Lifecycle Optimization - Engineering Insights (ENI).

Image allowlist

You can use images in ENI that are visible at different places. The following examples state where you can set the URL for the image source:

The image container – You can specify the URL as the location of an image that you want to display in an image container.
The properties of a view – You can specify the image URL to set an image as a background for a view.
The UI type tab on the Node dialog – You can set the Fill type parameter to Pattern in the Fill property dialog box and set the Image URL to display an image as node background.

Image files are susceptible to malware attack. You must add the domains of the images to a allowlist to prevent the attack. For more information, see Managing the allowlist for uploading images.

Note: Only administrators who have access to the JTS server file system can add domain names to the allowlist.

Resolving data spill by removing sensitive data

In views and impact analysis diagrams, ENI shows related artifacts from Engineering Lifecycle Management (ELM) applications that are registered with the Lifecycle Query Engine (LQE). ENI stores the definitions that determine what data to display in views and impact analysis diagrams, but it does not store the data itself. The artifacts that are shown in views, impact analysis diagrams, and search results are retrieved from the Lifecycle Query Engine (LQE).

Only administrators can resolve data spills in ENI. To remove sensitive data from ENI views, administrators must follow the data spill procedure for the affected ELM applications. For more information, see Resolving data spill by removing sensitive data.