Mini Map
After a project is scanned, multiple vulnerabilities might be detected. The Mini Map, a small panel with a simple graphic display of the result flow, is provided to help you understand the impact of these vulnerabilities on the microservices. The Mini Map is located on the Vulnerability page.
To view results using the Mini Map
Click a vulnerability in a service that is part of a service flow, for example when you click the Blind_SQL_Injection vulnerability, encountered in the bank_storage_new service as illustrated below...
...the Vulnerability page opens with the Mini Map panel at the right side of the page, as shown below.
For convenience, the Mini Map can be collapsed like this:
Using the Mini Map, you can navigate among the following:
Result flows – using the pagination at the bottom. Refer to Navigating among result flows.
Service flows – using the Select Service Flow button at the top. Refer to Navigating among service flows.
Vulnerabilities in the flows – using the blocks. Refer to Navigating among vulnerabilities across different services.
If a vulnerability is part of a service flow, the Mini Map displays flows. If it is not part of a service flow, the Mini Map displays No Data as illustrated below.
Note
For IAST v3.10 and later, when Flows w/o Inputs :flows: is enabled, result flows that do not impact the services are filtered out to avoid crowding the user interface.
Navigating among result flows
Using the pagination at the bottom of Mini Map, you can navigate between different API/result/vulnerability flows that are part of a service flow which contain the selected vulnerability.
For example, the following two Mini Maps show you the same selected vulnerability, but after paging through different flows:
If you selected an SQL_Injection block in the Mini Map and you page through the different flows, it would be similar to going to the Result Flows page and only examining the flows with SQL_Injection vulnerabilities, as illustrated below.
Navigating among Service Flows
Click Select Service Flow at the top of the Mini Map. A popup, similar to the following, appears with the available service flows that contain the selected vulnerability.
Select the flow that you want to examine.
Whenever you select a different flow in the Service Flows popup, the Mini Map reflects the changes in the selected service flow, showing the selected vulnerability and, if relevant, a flow of a different length. For example, the following Mini Maps show different service flow lengths:
Navigating among Vulnerabilities across Different Services
On the Mini Map, click the service block labeled with the desired vulnerability, for example SSRF. The Vulnerability page displays information about the selected vulnerability.
Clicking on a different block, such as the bottom block labeled SQL Injection in the above screenshot, will open a different Vulnerability page, such as the one illustrated below.
