DigitSec Spring23 Release

As DigitSec has grown quickly over the past several months, it became clear that parts of the platform needed to make considerable steps forward. We took an opportunity this past Fall to embark on improving the user interface, making the platform more robust, helping secure ecommerce and more.

New User Interface

First and foremost, users who have seen a preview remark on how much faster and more responsive the interface has become. We switched our front-end framework to React, enabling our team to deploy a more modern and fresh design aesthetic.

By leveraging the component-based architecture of React, users no longer have to wait for the page to completely load behind the scenes before the page redraws.

We have also discarded the left-hand navigation column and have moved to a top-level navigation. This is better from an aesthetic viewpoint, but we are also able to leverage it functionally.

Moreover, we are moving away from simple tables and grids when representing workspaces or people and are moving to a stack-based design. This also offers a more modern look and gives us a way to present more useful information.

For vulnerability findings in particular, we have invested a lot of time to streamline the forms that allow users to:

  • Make comments and add tags
  • Modify status, severity or assignment
  • Review vulnerability history

One of DigitSec’s key values in the marketplace is the simple and straightforward ramp for a team to get to utilization. On Day One, they can leverage some of the basic workflow we have built into the system that lets teams communicate and track vulnerabilities and their resolution.

Moreover, we’ve put a lot of effort into making the query screens for vulnerabilities more powerful. Users can control which columns are displayed and have access to more powerful filters. Again, by leveraging the power of React, queries are returned to the screen much more quickly than in the past.

Also, query results are now persistent across page loads and will only disappear once the query parameters have been reset. This allows for better workflow as teams switch between query results and finding details.

Ready For Commerce Cloud

In addition to being able to scan Salesforce Orgs, DigitSec also provides security scanning capabilities for Salesforce B2C Commerce Cloud Sites. We initially launched in Summer of 2022 with support for the legacy SiteGenesis infrastructure.

With this Spring23 release, we are adding in support for SFRA infrastructure. Companies that rely on Salesforce for eCommerce can now integrate security scanning into their development workflow.

Ready for the Complex Use Cases

As the product matures, it will continue to evolve. In this release, we have rolled out a much more robust user management and permissions structure. Previously, we had a rather limited two-role system and there were structural limits to user boundaries.

The new system introduces four baked-in roles of Administrator, Team Administrator, Team User and Team Read-Only. Below the Global level, users must be given explicit access to a “workspace”, whether that is a Salesforce Org, B2C Site, or scratch org. Findings, Reports and Visualizations are now restricted to users that have access to that workspace. 

We are also giving Administrators the ability to create a Custom Role and fine-tune the permissions to meet their specific needs. We see this as a benefit for our global customers who need to keep different development teams focused on their own specific workspace, while also giving management an easy way to stay on top of vulnerabilities. 

We also see this as a benefit for our growing list of consulting partners who wish to run security assessments for their clients on a more ad-hoc basis. They can provide Read-Only access to client stakeholders to facilitate discussion and discovery.

Nice-to-Haves

We’ve added a new capability to assign tags and custom titles to vulnerability scans. This will allow teams to refer to specific scans that they’ve completed, particularly when there are different scan sets or rules being run at different times for the same workspace. This is another useful tool teams can leverage to help them stay organized as they monitor their Salesforce posture.

Our licensing model is designed to accelerate development. There’s no meter on the number of scans and there’s no limit on the number of users or the number of Scratch, Dev or Test Orgs that are in a DigitSec environment.

With that in mind, we’ve added Search and Filtering tools to our Dashboard screen to allow users to quickly find the workspaces they wish to monitor. This is particularly helpful for the Administrators of our Enterprise-sized accounts, but it is also handy for teams that want each developer to leverage the full capabilities of DigitSec.

As mentioned earlier, we’re also surfacing more data for teams, particularly to see when other team members have logged into the system, to see at a glance when a workspace was last scanned, and to have a better sense of the scans that were last run on a workspace.

Integrations

The big news on integrations for Q1 2023 is the uptake with Copado. We’ve been working closely with them to make sure we are compatible with their latest versions. We are excited to work with a number of large clients to integrate DigitSec scanning into their Copado workflows. We’re also proud to say that we were recently named a Copado Innovation Award Winner at the COPA Community Day on March 23, 2023. This is the second year in a row that we’ve received this honor.

We’re pleased to see our partners running many scans each day as they innovate on the Salesforce platform. Our Customer Success Team is working to develop case studies that examine some of the use and deployment cases that we plan to share soon.

Andy Montoya


DigitSec

DigitSec brings four scans to protect Salesforce: Source Code Analysis, Custom Runtime Testing, Software Composition Analysis, & Cloud Security Configuration Review. #DevOps
