Technical Dept of Homegrown Applications in EA Workspace TPM/TRM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago
Hi,
we recently came across requirements regarding Technical Dept, for which we are not sure how to utilize the TPM/TRM to take care of them.
1.) How can technical dept, that is not related to the lifecycle, but instead shortcuts taken during development/customization be represented?
2.) Can we import information regarding vulnerabilities for applications, maybe via the SecOps module, and where/how would that be represented?
3.) Can we import information regarding vulnerabilities for homegrown applications or open-source applications and how would that be represented?
Thanks for any input!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
17 hours ago
Hi @GGriessler
1. I’m not sure what you need exactly but it seems to suggest a technology standard with a shortened lifecycle? Is that correct, or do you mean that you want certain examples of that technology bypasses certain stages?
2. and 3. This is available via (infrastructure) vulnerability response. You integrate with a vulnerability scanner like Qualys or Tenable; the vulnerabilities are stored in the Third-party Vulnerability table and the CI, including both commercial and homegrown applications, are stored in the Vulnerable Item table. Each Vulnerable Item references the Third-party Vulnerability and CI. It uses the CMDB IRE to match the details supplied by the scanner to a CI in the CMDB using Lookup Rules.
I hope this helps!
Mat
