- Checkmarx Documentation
- IAST Documentation
- User Guide
- Working with the IAST Web Interface
- Service Flows
Service Flows
Historically, when software programs consisted of monolith applications, the data flowed through several propagators, starting from a source and ending in a sink. If a vulnerability was discovered, a sanitizer would be inserted in the flow to fix the vulnerability. However, in the current, modern real world where microservices are used in applications, the data flows through many microservices. If we find a vulnerability in a microservice we don’t know if we should be concerned with it, since perhaps there is a sanitizer in a microservice feeding into this vulnerable microservice that has already neutralized the problem.
Note
The main aim of the microservice Service Flows feature is to show the connectivity between the scanned projects, allowing you to see which microservices lead to which vulnerabilities.
The Service Flows enables you to quickly visualize the flows between the services (i.e., microservices) of your project to help you determine which vulnerabilities must be remediated and which are just false positives.
The feature works for services that are being monitored by IAST Agents. IAST detects the connections between these services and follows the data flows between the services and displays them in a series of graphs allowing you to observe the services in different contexts and at different levels. Starting with a high level macro view showing the services involved in a flow, you can visualize the component sub-flows, and from there you can further examine the individual API flows which involve the vulnerabilities. A click on the flows in the detailed graph will open the Vulnerabilities tab with information about the scan and the vulnerability.
The feature consists of the following graphical displays, starting with a high level view of the services and drilling down to the details of the vulnerabilities and how they are interconnected:
The first three are located in the Service Flows page. The last one is located as an inset in the top-right corner of the Vulnerability page.
To access the Service Flows page:
Click Services and select Service Flows. The Service Flows page opens, displaying the Macro Graph.