One method for defining your applications is to select relevant images and repositories from your component library. The component library is populated based on SBOM files that pull application component and lifecycle data from your third-party tools and services.
Before you begin
Ensure that you have uploaded SBOM files in ConcertDef and CycloneDX formats.
Procedure
- Select .
- Click .
- Enter a name for the application definition.
- Enter a description for internal reference.
- Adjust the version number as needed.
- Set the criticality level.
  The criticality level specifies how important the application's availability is to business operations. This classification helps prioritize security vulnerabilities based on the application's importance.
- Set the data impact risk level.
  The data impact risk level assesses the potential consequences of data exposure in the event of a security breach. This classification informs the necessary risk mitigation and protection strategies.
- Apply one or more tags to this environment definition.
- Click Next.
- Select the relevant Repositories, if applicable.
  You can select repositories using one of the following options:
  - Select from inventory list: Select repositories from the existing inventory list.
  - GitHub pull: Pull repositories directly from your organization's GitHub account.
    To pull repositories from GitHub, provide the following input details:
- Click Next.
- Select the relevant Images, if applicable.
  Note: Certain images are listed automatically based on the repositories you selected. Removing those images from the list also removes the corresponding repositories.
- Click Next.
- Select the relevant Environments, if applicable.
- Click Next.
- Review the summary, then click Create.
  Note: When you create an application from components or edit an application through the UI, you can select at most 2000 repositories, images, or environments. If your application requires more than 2000 components, define it either through a ConcertDef SBOM (application, build, or deploy) or through the API.
Results
The new application definition appears in the list. You can click the application name to view associated components (images, repositories) and any impacting CVEs and their corresponding tickets.
What to do next
Grant access to other Compliance center users in your organization to view or edit the application definition that you created. See Managing access to your applications and environments for instructions.