diff --git a/.cursor/rules/documentation_style.mdc b/.cursor/rules/documentation_style.mdc index 5634a596b9..54fc0c6197 100644 --- a/.cursor/rules/documentation_style.mdc +++ b/.cursor/rules/documentation_style.mdc @@ -2,5 +2,4 @@ description: globs: alwaysApply: false ---- - \ No newline at end of file +--- \ No newline at end of file diff --git a/docs/solutions/security/compliance-as-code.md b/docs/solutions/security/compliance-as-code.md index f7640da76a..7f3ef18b1f 100644 --- a/docs/solutions/security/compliance-as-code.md +++ b/docs/solutions/security/compliance-as-code.md @@ -12,8 +12,8 @@ sidebar_position: 5 ## Introduction Compliance is critical, but most organizations still rely on outdated, manual methods: -- **Spreadsheets** to track controls and audit status, -- **Email threads** to gather evidence, +- **Spreadsheets** to track controls and audit status. +- **Email threads** to gather evidence. - **Periodic checklists** disconnected from production systems. This creates **painful audits**, stale evidence, and gaps between what's documented and what's actually happening in production. @@ -71,8 +71,8 @@ With Port: - *Audit Evidence* – proof items such as logs, screenshots, or test reports. - Link services to their controls using **relations**. - Tag services with key metadata: - - Regulatory scope (SOC 2, PCI, HIPAA, GDPR), - - Data sensitivity (PII, payment data, internal-only), + - Regulatory scope (SOC 2, PCI, HIPAA, GDPR). + - Data sensitivity (PII, payment data, internal-only). - Criticality (customer-facing, revenue-generating, internal). This creates a **single source of truth** for compliance across the organization. 
@@ -115,13 +115,13 @@ Scorecards turn abstract frameworks into **measurable, trackable outcomes**. | Logging & Monitoring | Centralized logging enabled for services | Cloud logging integrations | Each control: -- Is a **scorecard item** with pass/fail logic, -- Is linked to services and teams, +- Is a **scorecard item** with pass/fail logic. +- Is linked to services and teams. - Updates automatically when integrated systems change. Dashboards then show: -- Compliance by control area, -- Overall readiness by service or business unit, +- Compliance by control area. +- Overall readiness by service or business unit. - Historical progress over time. ## Step 4: automate compliance workflows diff --git a/docs/solutions/security/prioritise-vulnerabilities.md b/docs/solutions/security/prioritise-vulnerabilities.md index bcad99308c..9e0e552fb6 100644 --- a/docs/solutions/security/prioritise-vulnerabilities.md +++ b/docs/solutions/security/prioritise-vulnerabilities.md 
@@ -9,14 +9,22 @@ sidebar_position: 2 **Port transforms vulnerability management from chaos to clarity — helping security teams focus on what truly matters to the business.** ::: + ## Executive summary + +Port turns vulnerability management from a chaotic, reactive process into a business-first security capability. By unifying all types of vulnerabilities, enriching them with business context, and enabling API and automation-driven prioritization, Port ensures you fix what matters—fast, strategically, and sustainably. + Modern security teams face an impossible task: thousands of vulnerabilities discovered daily across code, infrastructure, cloud, and open source dependencies. Without business context, every issue appears urgent, leading to **alert fatigue**, wasted resources, and dangerous blind spots. +:::tip Transform vulnerability management +Port transforms vulnerability management from chaos to clarity — helping security teams focus on what truly matters to the business. +::: + Port solves this by **anchoring vulnerability management to business context**. -Instead of starting with raw scanner data, Port starts with what matters most: your services, their owners, their environments, and their business impact. -This context powers: +Instead of starting with raw scanner data, Port starts with what matters most; your services, their owners, their environments, and their business impact. +This context powers: - **Unified visibility** – All vulnerabilities from all scanners in a single platform. - **Risk-based prioritization** – Focus on vulnerabilities that truly impact production and revenue. - **Automated workflows** – Route issues to the right teams with the right urgency. 
@@ -28,12 +36,6 @@ The result: Security teams fix the **right vulnerabilities** faster, while devel Port integrates with your existing security stack, automatically ingesting vulnerability data, enriching it with business context, and prioritizing it for action. - - - -:::tip Transform vulnerability management -**Port transforms vulnerability management from chaos to clarity — helping security teams focus on what truly matters to the business.** -::: ## Introduction 
@@ -66,48 +68,103 @@ Many organizations fall into common traps. Here's how they go wrong—and how Po Port transforms vulnerability data into actionable intelligence by anchoring it directly to business context: -### 1. Unified context via software catalog +### Unified context via software catalog - Use **blueprints, relations, and entities** to represent services, ownership, criticality, environments, and compliance scope. - Integrate with tools like **Trivy, Wiz, Dependabot, Orca, Snyk**, etc., to ingest vulnerabilities into Port with service links. - Leverage **API ingestion** for custom tools or vulnerability sources, using Port's REST API to create/update vulnerability entities linked to services. -### 2. Business context enrichment +The catalog view below shows Port’s business-first approach in action: findings from many sources (Dependabot, Veracode, Trivy, Snyk, Semgrep, pen-tests, manual review) are normalized into one table and **linked to services in the software catalog** (e.g., *User Authentication Service*, *Customer Portal*). Catalog context—service criticality, data class, environment, ownership, dependencies—feeds the **Business Impact** label and rolls up into a single **Business Risk Score** that orders the queue (Log4j RCE at 100 down to a hard-coded key at 30). + +Duplicates are collapsed, policy choices are explicit via **Accepted Risk** (e.g., legacy Windows 2012 R2 = True), and every row carries the metadata needed to route to the right team and meet SLAs/compliance scope. Net: Port prioritizes what matters to the business, not just raw CVEs, by unifying vulnerability data with rich catalog context into one actionable triage view. + +- **One view, all sources:** Dependabot, Veracode, Trivy, Snyk, Semgrep, pen-tests, manual reviews—normalized into a single table. +- **Catalog context applied:** Each finding is tied to the service in Port’s software catalog (criticality, data class, environment, ownership, dependencies). 
+- **Business-first scoring:** Context drives **Business Impact** and a unified **Business Risk Score** that orders the queue. +- **De-duped + clean:** Duplicates collapsed so teams don’t chase the same issue twice. +- **Explicit risk decisions:** **Accepted Risk** captured (e.g., legacy tech), making policy tradeoffs visible. +- **Right team, right SLA:** Ownership and scope metadata enable fast routing and compliance alignment. +- **Outcome:** You work the items that matter most to the business—quickly and confidently. + + +Vulnerability catalog + +### Business context enrichment - Vulnerabilities are enriched with metadata like **service ownership, environment (prod, staging), business criticality, data sensitivity, compliance implications**, and recent change status. - This enables answering: *Which vulnerabilities threaten our revenue-critical production systems?* -### 3. Real-time dashboards & scorecards +Below dashboard views show how port enriches vulnerabilities with business context—so decisions tie back to impact and ownership: +- **360° linking:** Connects the vuln to **incidents, audit evidence, controls, teams, services, and users** in one place. +- **Clear ownership & freshness:** Team rows show **owners** and **last update** dates for accountable routing. +- **Blast radius:** Calls out **affected component** `log4j-core-2.14.1.jar`, **services** (e.g., payment/notification), and **version**. +- **Customer & SLA signals:** **SLA expiry** and **Affects customer data** turn technical risk into business urgency. +- **Control & audit traceability:** Direct links to **controls**, **evidence**, and **audit log** for defensible proof. +- **Executive-ready scorecards:** Badges (e.g., **Priority = Gold**, **Remediation = Gold**, **Trend Analysis = Bronze**) translate status into maturity at a glance. +* **Prioritization ready:** Ownership + impact + compliance + SLA context produce a **business-first, fix-next** call. 
+ +Vulnerability context - users +Vulnerability context - users + +### Real-time dashboards & scorecards - Build dashboards to track vulnerabilities by severity, status, team, or service using Port's UI and widget capabilities. - Track maturity with **scorecards**, showing metrics like mean time to remediation (MTTR), percentage of services with owners, or open critical vulnerabilities over time, using Port's scorecard feature. -### 4. Automation & context-aware workflows +Port turns your live security data into **real-time dashboards and executive scorecards**. These dashboards and scorecards answer “how many, how old, how risky, and how ready” an organization is with their security capabilities. The views show current load (**15 open vulns**, **5 business-impacting**), how long items stay open, which types are spiking, and program health with simple badges (Gold/Bronze/Basic) for readiness, prioritization, risk assessment, and lifecycle discipline. + +- **Live KPIs:** “Total Open Vulnerabilities,” “Business-Impacting Vulnerabilities,” and “Days Open” update as scanners and tickets change. +- **Trends that guide action:** Type trends (e.g., misconfig vs. info disclosure) highlight surges and where to focus teams. +- **SLA visibility:** “Remediation SLA Trend” shows pace and potential breaches—useful for leadership and customers. +- **Scorecards at a glance:** Remediation Readiness, Priority Management, Risk Assessment, and Lifecycle Management surface maturity with **Gold/Bronze/Basic** badges—executive-readable, audit-friendly. +- **Business-aware slices:** Filter by service, environment, team, or customer tier from the catalog to get the exact view each stakeholder needs. +- **Drill-through workflow:** Jump from a metric to the underlying vulnerabilities, owners, and affected services for fast routing. +- **Shareable, consistent:** Common widgets keep weekly reviews, CISO reports, and auditor asks aligned to the same live truth. 
+ +Vulnerability stats + +Vulnerability trends + +### Automation & context-aware workflows - Define automations to **escalate high-priority issues**, such as when a vulnerability in a customer-facing prod service becomes critical. - Build self-service actions to create tickets in Jira, Slack alerts, or trigger remediation workflows—only where business risk justifies action. - Use Port's API and mapping layers to tailor behavior—e.g., API-driven rules, triage pipelines, or dynamic SLAs. -### 5. API-driven integration & extensibility +Port turns security policy into **automation that reacts to context**: scorecards like *Vulnerability Priority Management* continuously evaluate rules against the live software catalog—showing what passed (e.g., **98.67%**, **75 rules**) and how compliance trends over time—then trigger the right workflow when something slips. + +- **Policy-as-code:** Rules reference service criticality, data class, SLA, env, and ownership to decide priority and action. +- **Auto-evaluation:** The **Runs** tab reflects scheduled/triggered executions on ingest, PRs, deploys, or scanner updates. +- **Action on fail:** Pass/fail thresholds create Jira tickets, ping Slack, open incidents, or block changes for high-risk gaps. +- **Context-aware routing:** Violations auto-assign to the owning **team/service** with links to related controls, evidence, and incidents. +- **Time-series guardrails:** “% of rules passed over time” exposes drift and proves continuous compliance to leadership/auditors. +- **Exception handling:** Waivers with expiries keep risk decisions explicit—no silent ignores. +- **Audit-ready:** **Audit Log** preserves who/what/when for every rule run and action taken. +- **Reusable widgets:** Drop the scorecard into any dashboard for real-time, executive-readable status. 
+- **Example:** **Critical service** + **customer data** + **vulnerability** > **SLA** ⇒ `rule fails` ⇒ `Slack + Jira` notification to owner ⇒ change status to blocked until fixed. + +Vulnerability rules + +### API-driven integration & extensibility - Port's **REST API** supports managing blueprints, entities, scorecards, and actions programmatically. - Automate service metadata updates from CI/CD, incident systems, or IaC pipelines, keeping business context fresh. ## Putting it into practice: a practical workflow -1. **Set up your software catalog** with service metadata (ownership, criticality, compliance, environments) and vulnerability blueprints (e.g., Trivy, Wiz). -2. **Ingest vulnerabilities** via native integrations or API into Port, linking them to the relevant service entities. -3. **Create dashboards** to visualize the active threat landscape in context (e.g., “Critical findings in production, by service owner”). -4. **Define priority scoring** combining severity with business context—for instance: - - Production service = +100 - - High revenue impact = +50 - - Customer data involved = +30 - - Known-exploited = +70 -5. **Automate workflows**: +- **Set up your software catalog** with service metadata (ownership, criticality, compliance, environments) and vulnerability blueprints (e.g., Trivy, Wiz). +- **Ingest vulnerabilities** via native integrations or API into Port, linking them to the relevant service entities. +- **Create dashboards** to visualize the active threat landscape in context (e.g., “Critical findings in production, by service owner”). +- **Define priority scoring** combining severity with business context—for instance: + - Production service = +100. + - High revenue impact = +50. + - Customer data involved = +30. + - Known-exploited = +70. +- **Automate workflows**: - Immediately notify owners when score exceeds threshold. - Escalate top-10 findings to leadership daily. - Create tickets and set different SLA windows based on business tier. 
-6. **Track progress with scorecards**: +- **Track progress with scorecards**: - Average remediation time for production-ranked vulnerabilities. - % of services with defined ownership. - Trend of high-risk vulnerabilities over time. @@ -116,16 +173,9 @@ Port transforms vulnerability data into actionable intelligence by anchoring it By using Port's business-context-driven approach to vulnerability prioritization, organizations achieve: -- **50%+ reduction** in wasted remediation time -- **Faster MTTR on truly critical issues** -- **Improved developer experience** with context-aware, actionable findings -- **Better alignment** between security, product, and engineering teams -- **Higher trust and accountability**, backed by dashboards and scorecards - -## Summary - -Port turns vulnerability management from a chaotic, reactive process into a business-first security capability. By unifying all types of vulnerabilities, enriching them with business context, and enabling API and automation-driven prioritization, Port ensures you fix what matters—fast, strategically, and sustainably. +- **50%+ reduction** in wasted remediation time. +- **Faster MTTR on truly critical issues**. +- **Improved developer experience** with context-aware, actionable findings. +- **Better alignment** between security, product, and engineering teams. +- **Higher trust and accountability**, backed by dashboards and scorecards. -:::tip Transform vulnerability management -**Port transforms vulnerability management from chaos to clarity — helping security teams focus on what truly matters to the business.** -::: diff --git a/docs/solutions/security/security-actions-automations.md b/docs/solutions/security/security-actions-automations.md index 1d0ad395ad..7fc055b3a3 100644 --- a/docs/solutions/security/security-actions-automations.md +++ b/docs/solutions/security/security-actions-automations.md 
@@ -9,18 +9,16 @@ Manual security processes don't scale. Every day, security teams face an overwhe The traditional model—where every security decision must flow through a central security team—creates bottlenecks that slow development while paradoxically making organizations less secure. When security processes are friction-heavy and opaque, teams find workarounds that bypass security entirely. - - ## Why manual security processes create risk Manual security processes seem safer on the surface, but they often create more risk than they prevent: -- **Delayed response times**: Critical vulnerabilities wait in queues while analysts work through backlogs -- **Inconsistent decision-making**: Different analysts make different calls on similar issues -- **Context loss**: By the time security reviews happen, the original context is often lost -- **Shadow IT emergence**: Teams bypass slow security processes by using unauthorized tools and services -- **Analyst burnout**: Security professionals spend time on routine tasks instead of strategic threat hunting +- **Delayed response times**: Critical vulnerabilities wait in queues while analysts work through backlogs. +- **Inconsistent decision-making**: Different analysts make different calls on similar issues. +- **Context loss**: By the time security reviews happen, the original context is often lost. +- **Shadow IT emergence**: Teams bypass slow security processes by using unauthorized tools and services. +- **Analyst burnout**: Security professionals spend time on routine tasks instead of strategic threat hunting. ## Intelligent security automations 
@@ -31,32 +29,32 @@ Port transforms security from a manual bottleneck into an intelligent automation Not every vulnerability deserves human attention. Intelligent triage routes issues based on business context: #### Smart vulnerability routing -- **Critical business services**: High-severity vulnerabilities in customer-facing services → immediate escalation to security team -- **Internal tools**: Medium-severity findings in development tooling → standard team queue with 7-day SLA -- **Deprecated services**: All vulnerabilities in services marked for decommissioning → batch review during maintenance windows +- **Critical business services**: High-severity vulnerabilities in customer-facing services → immediate escalation to security team. +- **Internal tools**: Medium-severity findings in development tooling → standard team queue with 7-day SLA. +- **Deprecated services**: All vulnerabilities in services marked for decommissioning → batch review during maintenance windows. #### Context-enriched alerts Instead of raw scanner output, security teams receive actionable intelligence: -- Service ownership and contact information -- Business criticality and customer impact assessment -- Recent changes that might have introduced vulnerabilities -- Similar vulnerabilities previously found and how they were resolved +- Service ownership and contact information. +- Business criticality and customer impact assessment. +- Recent changes that might have introduced vulnerabilities. +- Similar vulnerabilities previously found and how they were resolved. 
### Self-service security exception handling Enable teams to handle routine security exceptions without waiting for approvals: #### Risk-based auto-approval -- **Low-risk exceptions**: Development environment vulnerabilities in non-sensitive applications → automatic approval with 30-day expiration -- **Medium-risk exceptions**: Staging environment issues with documented compensating controls → automatic approval with security team notification -- **High-risk exceptions**: Production vulnerabilities in customer-facing services → require security team review and approval +- **Low-risk exceptions**: Development environment vulnerabilities in non-sensitive applications → automatic approval with 30-day expiration. +- **Medium-risk exceptions**: Staging environment issues with documented compensating controls → automatic approval with security team notification. +- **High-risk exceptions**: Production vulnerabilities in customer-facing services → require security team review and approval. #### Transparent exception tracking Every exception is logged with business justification and automatic expiration: -- Clear documentation of risk acceptance reasoning -- Automatic notifications when exceptions are approaching expiration -- Audit trails for compliance and security review processes -- Trend analysis to identify systematic security debt +- Clear documentation of risk acceptance reasoning. +- Automatic notifications when exceptions are approaching expiration. +- Audit trails for compliance and security review processes. +- Trend analysis to identify systematic security debt. ### Intelligent escalation workflows 
@@ -64,15 +62,15 @@ Ensure critical security issues get the right attention without overwhelming sec #### Escalation triggers Smart escalation based on business context and time sensitivity: -- **Immediate escalation**: Critical vulnerabilities in production services with known exploits -- **Business hours escalation**: High-severity findings in customer-facing services during normal business hours -- **Scheduled escalation**: Medium-severity issues that haven't been addressed within SLA timeframes +- **Immediate escalation**: Critical vulnerabilities in production services with known exploits. +- **Business hours escalation**: High-severity findings in customer-facing services during normal business hours. +- **Scheduled escalation**: Medium-severity issues that haven't been addressed within SLA timeframes. #### Contextual notifications Send escalations to the right people with the right information: -- **Security team**: Technical details, exploit availability, affected service architecture -- **Engineering managers**: Business impact, resource requirements, timeline expectations -- **Business stakeholders**: Customer impact, regulatory implications, competitive risks +- **Security team**: Technical details, exploit availability, affected service architecture. +- **Engineering managers**: Business impact, resource requirements, timeline expectations. +- **Business stakeholders**: Customer impact, regulatory implications, competitive risks. :::tip Design for the 80/20 rule Automate the 80% of routine security decisions so your security team can focus on the 20% that require human expertise and judgment. 
@@ -82,46 +80,71 @@ Automate the 80% of routine security decisions so your security team can focus o ### Vulnerability management automation +:::tip stream Streamline the vulnerability management lifecycle from detection to remediation: +::: + +Port makes vulnerability management run itself with **context-aware automations**: recipes auto-create and route work, escalate past SLA, link vulns to incidents, update control status from fresh evidence, notify on control failures, and calculate a **business-aware risk score**—all from one place. #### Automated vulnerability processing -- [Create Jira issues from Dependabot alerts](/guides/all/create-jira-issue-from-dependabot/) with full context and ownership information -- [Automatically escalate Snyk vulnerabilities](/guides/all/create-jira-issue-from-snyk-vulnerability/) based on business criticality and exploit availability -- Route vulnerabilities to appropriate teams based on service ownership and technology stack + - [Create Jira issues from Dependabot alerts](/guides/all/create-jira-issue-from-dependabot/) with full catalog context and owners. + - [Automatically escalate Snyk vulnerabilities](/guides/all/create-jira-issue-from-snyk-vulnerability/) based on **service criticality** and **exploit availability**. + - Route vulnerabilities to the right team from **service ownership/tech stack** and notify on-call automatically. + - Link new security incidents to open vulnerabilities in affected services. + - Raise priority when items breach the **remediation SLA**. 
#### Intelligent vulnerability enrichment -- [Enrich security vulnerabilities using AI](/guides/all/enrich-security-vulnerability-using-ai/) to provide context and remediation guidance -- Automatically research exploit availability and attack complexity -- Correlate vulnerabilities with recent code changes and deployment history -- Provide automated impact assessment based on service architecture + - [Enrich security vulnerabilities using AI](/guides/all/enrich-security-vulnerability-using-ai/) to provide context and remediation guidance. + - Use AI to add remediation guidance and business context to each finding. + - Auto-research exploit availability and attack complexity to adjust risk. + - Correlate with recent **code changes** and **deploy history** for likely owners and rollback paths. + - Generate impact assessments from **service architecture** (data class, dependencies, customer tier). + +#### Control-aware signals (closing the loop) + - Auto-update **control status** when new evidence lands; notify when a control test fails. + - Keep score with an auto-calculated **Vulnerability Risk Score** that blends CVSS, exploitability, and business impact. + +Security actions automations ### Automated compliance and standards enforcement Reduce manual compliance checks through intelligent automation: #### Proactive compliance monitoring -- [Enforce branch protection rules](/guides/all/setup-branch-protection-rules/) across all repositories automatically -- [Track GitLab project security maturity](/guides/all/track-gitlab-project-maturity-with-scorecards/) with automated scoring and improvement recommendations -- Monitor security configurations and alert on drift from established baselines +- [Enforce branch protection rules](/guides/all/setup-branch-protection-rules/) across all repositories automatically. +- [Track GitLab project security maturity](/guides/all/track-gitlab-project-maturity-with-scorecards/) with automated scoring and improvement recommendations. 
+- Monitor security configurations and alert on drift from established baselines. #### Self-healing security configurations -- Automatically remediate common security misconfigurations -- Restore security settings when they're accidentally disabled -- Apply security patches during maintenance windows with appropriate testing +- Automatically create incident response channels with relevant stakeholders. +- Provide responders with contextual information including architecture diagrams, ownership details, and recent deployment history. +- Apply security patches during maintenance windows with appropriate testing. ### Incident response automation -Accelerate security incident response through intelligent automation: +Port turns signals into action for incident response—when CVSS changes, a vuln is assigned, or severity spikes, automations **update priority**, **notify owners**, and **escalate**—all pre-loaded with service context from your catalog. + +### Automated incident correlation -#### Automated incident correlation -- Correlate security alerts with service dependencies and recent changes -- Automatically create incident response channels with relevant stakeholders -- Provide responders with contextual information including architecture diagrams, ownership details, and recent deployment history +- Correlate security alerts with **service dependencies**, owners, and **recent code/deploy changes**. +- Auto-create incident channels (Slack/Teams) and add the **right stakeholders**. +- Hand responders context on arrival: **architecture maps**, ownership, recent deployments, and affected customer tiers. +- Link related vulns → incidents automatically; keep them in sync as status changes. + +### Response workflow automation + +- **Auto-update priority** when CVSS (or exploit intel) changes; re-sort queues instantly. +- **Auto-notify on assignment** via webhook/Chat to the owning team based on catalog ownership and escalation policy. 
+- **Auto-escalate critical incidents** the moment severity flips to critical; page on-call and raise visibility. +- Pre-fill an **incident report** with known metadata (service, env, commit, deploy, owners). +- Integrate with your IM tooling (PagerDuty, Opsgenie, Jira/ServiceNow) to keep the workflow consistent end-to-end. + +security solution automation #### Response workflow automation -- Automatically notify relevant teams based on service ownership and escalation policies -- Create placeholder incident reports with known information to accelerate documentation -- Integrate with existing incident management tools to maintain workflow consistency +- Automatically notify relevant teams based on service ownership and escalation policies. +- Create placeholder incident reports with known information to accelerate documentation. +- Integrate with existing incident management tools to maintain workflow consistency. ## Advanced security automation patterns 
@@ -130,28 +153,31 @@ Accelerate security incident response through intelligent automation: Leverage AI to augment human security decision-making: #### Intelligent threat analysis -- Analyze vulnerability patterns to identify systematic security weaknesses -- Predict which services are most likely to have security issues based on historical data -- Provide personalized security recommendations based on technology stack and risk profile +- Analyze vulnerability patterns to identify systematic security weaknesses. +- Predict which services are most likely to have security issues based on historical data. +- Provide personalized security recommendations based on technology stack and risk profile. + + #### Automated security testing -- Trigger security scans based on code changes and deployment patterns -- Integrate security testing into CI/CD pipelines with intelligent fail/pass decisions -- Generate security test cases based on application architecture and attack patterns +- Trigger security scans based on code changes and deployment patterns. +- Integrate security testing into CI/CD pipelines with intelligent fail/pass decisions. +- Generate security test cases based on application architecture and attack patterns. +Security actions and automations ### Dynamic risk assessment Adjust security controls based on real-time risk assessment: #### Context-aware access controls -- Modify security review requirements based on service criticality and change risk -- Automatically adjust approval workflows during high-risk periods (pre-holiday deployments, post-incident changes) -- Implement dynamic security policies based on threat intelligence and organizational risk tolerance +- Modify security review requirements based on service criticality and change risk. +- Automatically adjust approval workflows during high-risk periods (pre-holiday deployments, post-incident changes). 
+- Implement dynamic security policies based on threat intelligence and organizational risk tolerance. #### Risk-based automation thresholds -- Increase automation approval limits for teams with strong security track records -- Require additional human oversight for services with recent security incidents -- Adjust security scanning frequency based on service activity and risk profile +- Increase automation approval limits for teams with strong security track records. +- Require additional human oversight for services with recent security incidents. +- Adjust security scanning frequency based on service activity and risk profile. :::caution Balance speed with governance While automation can dramatically improve efficiency, ensure you maintain appropriate audit trails and override capabilities for edge cases that require human judgment. 
@@ -162,42 +188,42 @@ While automation can dramatically improve efficiency, ensure you maintain approp ### Phase 1: automate routine decisions Start with low-risk, high-volume decisions that consume significant analyst time: -- Development environment vulnerability approvals -- Routine security exception renewals -- Basic compliance checks and reporting +- Development environment vulnerability approvals. +- Routine security exception renewals. +- Basic compliance checks and reporting. ### Phase 2: implement intelligent triage Add business context to security decision-making: -- Risk-based vulnerability prioritization -- Automated escalation based on service criticality -- Context-enriched security alerts and notifications +- Risk-based vulnerability prioritization. +- Automated escalation based on service criticality. +- Context-enriched security alerts and notifications. ### Phase 3: enable predictive capabilities Build forward-looking automation that prevents security issues: -- Predictive vulnerability analysis based on code changes -- Proactive security configuration management -- AI-powered security recommendations and risk assessment +- Predictive vulnerability analysis based on code changes. +- Proactive security configuration management. +- AI-powered security recommendations and risk assessment. 
## Success metrics for security automation Track the impact of your security automation program: -- **Mean time to vulnerability remediation**: Should decrease as routine triage and routing are automated -- **Security team utilization**: More time spent on strategic security work, less on routine processing -- **Developer satisfaction**: Reduced wait times for security reviews and approvals -- **Automation accuracy**: Low false positive rates and appropriate escalation decisions -- **Security posture improvement**: Overall reduction in security debt and faster response to threats +- **Mean time to vulnerability remediation**: Should decrease as routine triage and routing are automated. +- **Security team utilization**: More time spent on strategic security work, less on routine processing. +- **Developer satisfaction**: Reduced wait times for security reviews and approvals. +- **Automation accuracy**: Low false positive rates and appropriate escalation decisions. +- **Security posture improvement**: Overall reduction in security debt and faster response to threats. ## Real-world benefits Organizations implementing Port's security automation approach see: -- **Reduction in mean time to vulnerability remediation** through intelligent triage and routing -- **Security exceptions handled automatically** with appropriate risk assessment and approval -- **Reduction in security team manual work** enabling focus on strategic threat hunting -- **Improvement in developer satisfaction** with security processes through reduced friction -- **Faster incident response** through automated context gathering and stakeholder notification +- **Reduction in mean time to vulnerability remediation** through intelligent triage and routing. +- **Security exceptions handled automatically** with appropriate risk assessment and approval. +- **Reduction in security team manual work** enabling focus on strategic threat hunting. 
+- **Improvement in developer satisfaction** with security processes through reduced friction. +- **Faster incident response** through automated context gathering and stakeholder notification. By combining intelligent automation with appropriate human oversight, Port enables security teams to scale their impact while reducing friction for development teams and maintaining strong security posture. diff --git a/docs/solutions/security/security-champions-initiatives.md b/docs/solutions/security/security-champions-initiatives.md index 6f1ccf1e84..e0c9e733f4 100644 --- a/docs/solutions/security/security-champions-initiatives.md +++ b/docs/solutions/security/security-champions-initiatives.md 
@@ -9,29 +9,25 @@ sidebar_position: 4 **Port empowers organizations to scale security culture by making secure development measurable, actionable, and rewarding.** ::: -:::tip Turn security into shared responsibility -**Port helps you turn security from a siloed function into a shared, measurable responsibility across your entire organization.** -::: - ## Introduction The most successful security programs are **not built by security teams alone**—they are built by empowering every developer to take part in protecting the business. Traditional approaches rely on: -- Mandatory training sessions, -- Security checklists, +- Mandatory training sessions. +- Security checklists. - Penalty-driven compliance. These often create friction between security and engineering teams and fail to build sustainable engagement. The reality: most developers **want** to build secure software but are overwhelmed by: -- Conflicting security requirements, -- Unclear guidance, +- Conflicting security requirements. +- Unclear guidance. - Tools that slow them down. The solution is to **make security the easy and rewarding choice** through: -- Clear standards and expectations, -- Automated guardrails, +- Clear standards and expectations. +- Automated guardrails. - Recognition and motivation for security-positive behaviors. Port provides the foundation to scale these efforts by connecting **people, processes, and technology** in one platform. 
@@ -70,6 +66,18 @@ Track practices that prevent vulnerabilities from reaching production: - **Data protection** – Sensitive data handled according to policy. - **Security testing** – Security tests included in CI/CD pipelines. +Port’s **Scorecards** make Application security success concrete. Scorecards can turn the OWASP Top-10 into tiered, measurable targets—**Basic → Bronze → Silver → Gold**. This helps teams see exactly what “good” looks like and how far they’ve progressed. + +- **Risk-aligned tiers:** Bronze (exploit blockers), Silver (crypto/logging integrity), Gold (design & config hardening) map effort to impact. +- **Clear pass criteria:** Each OWASP control has an explicit check; green checks show what’s met (e.g., A01, A07, A03, A10 at Bronze; A08, A02, A09 at Silver; A06, A04, A05 at Gold). +- **Instant posture view:** The horizontal progress bar shows portfolio maturity at a glance—no hunting through scans. +- **Ownership built-in:** Scorecards can be filtered by service/team, turning standards into accountable goals. +- **Automation hooks:** Fail a control → open ticket/notify/optionally gate deploys; pass → record evidence for audits. +- **Continuous improvement:** Teams climb tiers over time, moving from break-fix to secure-by-design, tracked in one place. + +OWASP Top 10 Chart showing Gold, Silver and Basic tier distribution +Application security + ### Infrastructure security scorecard Ensure infrastructure is deployed and maintained securely: - **Network security** – Proper segmentation and firewall rules. @@ -86,8 +94,7 @@ Measure preparedness and response capabilities: - **Backup and recovery** – Recovery processes tested regularly. - **Compliance tracking** – Audit trails maintained and up-to-date. -:::tip -**Start small and iterate:** +:::tip Start small and iterate Focus scorecards on practices that teams directly control to ensure quick wins and early adoption. ::: 
@@ -105,8 +112,8 @@ Examples: - **Branch protection compliance** – Ensure all production repos enforce branch protection rules. These campaigns can be **tracked in Port** through: -- Dashboards that visualize campaign progress, -- Automated alerts when thresholds are reached, +- Dashboards that visualize campaign progress. +- Automated alerts when thresholds are reached. - Scorecard metrics tied to completion targets. ### Recognition and gamification @@ -115,7 +122,7 @@ Recognizing and rewarding improvements encourages ongoing participation. Examples: - **Leaderboards** – Rank teams by their improvement scores. -- **Achievement badges** – Reward milestones like "90% scorecard compliance." +- **Achievement badges** – Reward milestones like "90% scorecard compliance. - **Improvement showcases** – Share success stories at company all-hands. - **Cross-team learning sessions** – High-performing teams teach others. @@ -155,8 +162,8 @@ Champions should have **specific, measurable responsibilities**: - Report vulnerabilities and guide remediation. Success is tracked through: -- Team scorecard performance, -- Remediation timelines, +- Team scorecard performance. +- Remediation timelines. - Training engagement rates. ### Step 3: implement scorecards @@ -208,9 +215,9 @@ Organizations using Port to power their champions program have achieved: Security champions bridge the gap between **security strategy** and **engineering execution**. With Port, you can: -- Define clear expectations through scorecards, -- Drive progress with initiatives and campaigns, -- Automate guardrails to make security seamless, +- Define clear expectations through scorecards. +- Drive progress with initiatives and campaigns. +- Automate guardrails to make security seamless. - Measure cultural change with actionable metrics. diff --git a/docs/solutions/security/security-metrics-visualization.md b/docs/solutions/security/security-metrics-visualization.md index 5cd8a08eaa..d1fcaf2b8d 100644 
--- a/docs/solutions/security/security-metrics-visualization.md +++ b/docs/solutions/security/security-metrics-visualization.md @@ -9,16 +9,19 @@ sidebar_position: 3 **Port transforms security metrics from vanity numbers into actionable insights, helping CISOs, security teams, and developers align on what truly matters.** ::: -:::tip Unify security strategy and execution -**From prioritizing vulnerabilities to visualizing progress, Port unifies security strategy and execution in one powerful platform.** -::: ## Executive summary +Port enables you to **move beyond vanity metrics** and create security dashboards that: +- Connect vulnerability data to business impact. +- Show trends, not just snapshots. +- Align executives, security teams, and developers around shared goals. +- Drive measurable, continuous improvement. + Most security dashboards today are filled with **vanity metrics**—impressive to look at, but meaningless for driving action. Executives see: -- Raw vulnerability counts without business context, -- Generic compliance percentages, +- Raw vulnerability counts without business context. +- Generic compliance percentages. - Inflated attack numbers from bots and scanners. These metrics create **false confidence** and fail to answer the questions that truly matter: 
@@ -56,12 +59,39 @@ Every metric can be tied to: - **Compliance scope** → SOX, PCI, HIPAA, GDPR. - **Customer impact** → Which customer tiers or SLAs are affected. +:::tip Focus on trends that matter + Every metric is sliceable by **Services, Teams, Vulnerabilities, Compliance scopes, and Customer tiers**, so prioritization follows business value, not just technical counts. +::: + +The dashboards snippets below make Port’s business-context model concrete: +- The **compliance rings** (ISO 27001, SOC 2, PCI, GDPR/HIPAA) tie metrics to **scope**, and can be filtered by **service** criticality and environment. +- **Control Domain coverage** plus control **effectiveness/testing** map to **teams**—who owns what, where capacity is spent, and how well practices are adopted. +- The **incident metrics** (priority mix, timeline completeness/management, MTTR, escalations) connect **vulnerabilities** to **customer impact** +- Severity drives priority, MTTR expresses SLA risk by tier, and escalations expose leadership-level exposure. + + +compliance + +compliance + +control coverage + This alignment ensures **metrics and dashboards are directly actionable**, not just observational. ## CISO dashboards with metrics that matter -Security leaders need dashboards that **tell a story** about progress and risk. -Port enables this with **flexible visualizations**, linking data sources to executive-friendly KPIs. +- Security leaders need dashboards that **tell a story** about progress and risk. +- Port enables this with **flexible visualizations**, linking data sources to executive-friendly KPIs. + +The below snippet from port dashboard is a CISO-at-a-glance view: **exposure**, **discipline**, and **trajectory**. +- **Exposure:** *Incidents by priority* shows the mix (17 total across critical/high/medium) so you know risk, not just count. +- **Discipline:** *Incident Timeline Completeness* and *Timeline Management* are **Gold** for all 17—clean comms, postmortems, and SLA hygiene. 
+- **Trajectory:** *Incidents over time* highlights the early-October spike to spot surges and capacity pinch points. + +Together, these tie outcomes to action—where risk sits, how well response runs, and whether things are trending up or down—so funding and focus land where they matter. + +Incidents + ### 1. Business risk metrics @@ -74,6 +104,21 @@ These metrics focus on *business impact*, not just technical severity: | **Risk-adjusted vulnerability trends** | Track whether overall risk is increasing or decreasing | Line chart showing risk score trends over time by service criticality | | **Compliance gap analysis** | Understand gaps that affect revenue or compliance requirements | Scorecard tracking services mapped to regulatory frameworks | +The dashboard views below express Business risk, distilled: +- **17 incidents** total. +- **5 escalated** to leadership. +- **3 in progress** within normal capacity. +- **MTTR: 30 minutes**, the main lever to cut customer impact. +- Assurance shows **7 audits** completed, **15 evidences** collected, and **5 pending review**. +- The **audit gap assessment (7 items)** flags remaining weaknesses. + +Together, these metrics reveal where risk concentrates (escalations and gaps), how severe it is (MTTR), and how prepared you are (audit/evidence flow) so spend targets the highest exposure. + + +MTTR - mean time to remediate + +security incidents + ### 2. Security Culture and Adoption Metrics Security is a cultural challenge as much as a technical one: 
@@ -85,6 +130,14 @@ Security is a cultural challenge as much as a technical one: | **Time to complete security reviews** | Measure SDLC integration of security | Relations between services and review actions | | **Security champion engagement** | Monitor champion program health | Blueprint for champions tied to team entities | +The below dashboard snippet shows **security culture and adoption** in three beats: + +- **Control Implementation Status (25, Gold)** shows broad buy-in—controls are deployed and owned across the org. +- **Security Program Maturity (25, mostly Bronze with some Silver)** signals teams are adopting standards but depth and repeatability are still maturing. +- **Risk Management Effectiveness (15, mixed tiers)** reflects how consistently people use the process day-to-day—many basics are followed, some groups performing at Silver, with pockets to lift. Net adoption is wide, culture is forming, and the next move is raising consistency from Bronze/Basic to Silver/Gold. + +Security metrics + ### 3. Operational efficiency metrics Showcase security team performance and tool effectiveness: 
@@ -96,6 +149,10 @@ Showcase security team performance and tool effectiveness: | **Incident detection & response time** | Track how quickly incidents are resolved | SLA tracking via actions + incident blueprint | | **Automated remediation success rates** | Prove automation ROI | Trend chart of automation success vs manual fixes | +The below view captures operational efficiency by showing how well and how consistently your program runs: **Control Effectiveness** and **Control Testing Coverage** both at **25 (Gold)** signal that all 25 controls meet a high maturity bar and are being validated on schedule, minimizing rework and audit risk. The **Control Domain coverage (Monthly)** trend then shows execution throughput by domain—e.g., late-September surges in network security, data protection, and IAM—making it easy to spot where effort is concentrated, where capacity may be over/under-allocated, and how evenly the team is maintaining control coverage over time. + +Security metrics + :::tip Focus on trends, not snapshots Single-point metrics can mislead. Port dashboards allow you to **visualize trends over time**, showing whether posture is improving, stable, or declining. 
@@ -184,10 +241,13 @@ This metrics program directly complements the **vulnerability prioritization** a By connecting metrics and prioritization in one platform, Port eliminates silos and provides a **single source of truth** for security performance. -## Summary +Port's dashboard snippet below supports risk-based vulnerability prioritization by showing **what matters, how sure we are, and how soon it’s due**: -Port enables you to **move beyond vanity metrics** and create security dashboards that: -- Connect vulnerability data to business impact. -- Show trends, not just snapshots. -- Align executives, security teams, and developers around shared goals. -- Drive measurable, continuous improvement. \ No newline at end of file +- The evidence Category groups 15 findings by business domain (operational, security, technical, etc.) to gauge impact. +- Evidence Reliability weights each item by confidence (highly-reliable > reliable > N/A) to cut noise. +- Audit trends/timeline surface time-pressure from pen-test and certification spikes +- Available controls/Control Type reveal coverage gaps (e.g., thin detective/corrective controls) that raise residual risk. + +In practice, vulnerability catalog items can be ranked with a compact rubric — `Priority = Business Impact × Evidence Reliability × Audit Urgency × Control Gap`. For instance, highly-reliable security/technical pen-test findings during the October surge with weak non-preventive control coverage move to the top. + +security incidents \ No newline at end of file diff --git a/static/img/guides/security-solution/auto-1.png b/static/img/guides/security-solution/auto-1.png new file mode 100644 index 0000000000..4de36fef94 Binary files /dev/null and b/static/img/guides/security-solution/auto-1.png differ 
diff --git a/static/img/guides/security-solution/auto-2.png b/static/img/guides/security-solution/auto-2.png new file mode 100644 index 0000000000..4522d96818 Binary files /dev/null and b/static/img/guides/security-solution/auto-2.png differ diff --git a/static/img/guides/security-solution/auto-3.png b/static/img/guides/security-solution/auto-3.png new file mode 100644 index 0000000000..a0bdcdb3c6 Binary files /dev/null and b/static/img/guides/security-solution/auto-3.png differ diff --git a/static/img/guides/security-solution/auto-4.png b/static/img/guides/security-solution/auto-4.png new file mode 100644 index 0000000000..152d45386f Binary files /dev/null and b/static/img/guides/security-solution/auto-4.png differ diff --git a/static/img/guides/security-solution/compliance-1.png b/static/img/guides/security-solution/compliance-1.png new file mode 100644 index 0000000000..09549fb68f Binary files /dev/null and b/static/img/guides/security-solution/compliance-1.png differ diff --git a/static/img/guides/security-solution/compliance-2.png b/static/img/guides/security-solution/compliance-2.png new file mode 100644 index 0000000000..c048e90de3 Binary files /dev/null and b/static/img/guides/security-solution/compliance-2.png differ diff --git a/static/img/guides/security-solution/control-coverage.png b/static/img/guides/security-solution/control-coverage.png new file mode 100644 index 0000000000..151d90496d Binary files /dev/null and b/static/img/guides/security-solution/control-coverage.png differ diff --git a/static/img/guides/security-solution/incidents-1.png b/static/img/guides/security-solution/incidents-1.png new file mode 100644 index 0000000000..b2939005ca Binary files /dev/null and b/static/img/guides/security-solution/incidents-1.png differ 
diff --git a/static/img/guides/security-solution/incidents-2.png b/static/img/guides/security-solution/incidents-2.png new file mode 100644 index 0000000000..4d451e6338 Binary files /dev/null and b/static/img/guides/security-solution/incidents-2.png differ diff --git a/static/img/guides/security-solution/incidents-3.png b/static/img/guides/security-solution/incidents-3.png new file mode 100644 index 0000000000..a171dd1718 Binary files /dev/null and b/static/img/guides/security-solution/incidents-3.png differ diff --git a/static/img/guides/security-solution/mttr.png b/static/img/guides/security-solution/mttr.png new file mode 100644 index 0000000000..011d1b5071 Binary files /dev/null and b/static/img/guides/security-solution/mttr.png differ diff --git a/static/img/guides/security-solution/owasp-scorecard.png b/static/img/guides/security-solution/owasp-scorecard.png new file mode 100644 index 0000000000..f6dc0be2e5 Binary files /dev/null and b/static/img/guides/security-solution/owasp-scorecard.png differ diff --git a/static/img/guides/security-solution/scorecard-1.png b/static/img/guides/security-solution/scorecard-1.png new file mode 100644 index 0000000000..145a5ad1b0 Binary files /dev/null and b/static/img/guides/security-solution/scorecard-1.png differ diff --git a/static/img/guides/security-solution/sec-met-1.png b/static/img/guides/security-solution/sec-met-1.png new file mode 100644 index 0000000000..ae8ca2ca57 Binary files /dev/null and b/static/img/guides/security-solution/sec-met-1.png differ diff --git a/static/img/guides/security-solution/sec-met-2.png b/static/img/guides/security-solution/sec-met-2.png new file mode 100644 index 0000000000..82a47f4b63 Binary files /dev/null and b/static/img/guides/security-solution/sec-met-2.png differ 
diff --git a/static/img/guides/security-solution/vuln-catalog.png b/static/img/guides/security-solution/vuln-catalog.png new file mode 100644 index 0000000000..f1474a2bf2 Binary files /dev/null and b/static/img/guides/security-solution/vuln-catalog.png differ diff --git a/static/img/guides/security-solution/vuln-context-teams.png b/static/img/guides/security-solution/vuln-context-teams.png new file mode 100644 index 0000000000..da76796b03 Binary files /dev/null and b/static/img/guides/security-solution/vuln-context-teams.png differ diff --git a/static/img/guides/security-solution/vuln-context.png b/static/img/guides/security-solution/vuln-context.png new file mode 100644 index 0000000000..1d177e7738 Binary files /dev/null and b/static/img/guides/security-solution/vuln-context.png differ diff --git a/static/img/guides/security-solution/vuln-rules.png b/static/img/guides/security-solution/vuln-rules.png new file mode 100644 index 0000000000..c7dc44d55a Binary files /dev/null and b/static/img/guides/security-solution/vuln-rules.png differ diff --git a/static/img/guides/security-solution/vuln-stats.png b/static/img/guides/security-solution/vuln-stats.png new file mode 100644 index 0000000000..a7b472baa5 Binary files /dev/null and b/static/img/guides/security-solution/vuln-stats.png differ diff --git a/static/img/guides/security-solution/vuln-trends.png b/static/img/guides/security-solution/vuln-trends.png new file mode 100644 index 0000000000..2489bf6d96 Binary files /dev/null and b/static/img/guides/security-solution/vuln-trends.png differ
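Review bot: In the `@@ -130,28 +153,31 @@` hunk, the added line `+Security actions and automations` lands directly after `+- Generate security test cases based on application architecture and attack patterns.` with no blank line between them, so Markdown will fold it into that bullet as a lazy continuation instead of starting a new block; add a blank line before it, and if it is an image (the text reads like alt text) give it alt text that describes the screenshot rather than repeating the section title. The same hunk also inserts two consecutive empty `+` lines between the Intelligent threat analysis list and `#### Automated security testing`; one blank line is enough.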
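Review bot: In the `@@ -70,6 +66,18 @@` hunk of security-champions-initiatives.md, the OWASP control IDs are used without naming the edition, and the numbering is not stable across editions (in the 2017 list A01 was Injection and A07 was XSS; in 2021 A01 is Broken Access Control and A07 is Identification and Authentication Failures). The grouping `A08, A02, A09 at Silver` only matches the "crypto/logging integrity" label under the 2021 list, so write "OWASP Top 10 (2021)" explicitly and sort the IDs within each tier (`A01, A03, A07, A10` rather than `A01, A07, A03, A10`). Two consistency problems in the same hunk: the ladder is introduced as `Basic → Bronze → Silver → Gold` and the chart caption says "Gold, Silver and Basic", but the risk-aligned-tiers bullet defines only Bronze, Silver and Gold, so either define what Basic means or drop it; and "make Application security success concrete" should be lowercase "application security". One substantive suggestion: A06 (Vulnerable and Outdated Components in 2021) is placed in Gold under "design & config hardening", but keeping dependencies patched is a cheap, automatable control and one of the most common real-world exploit paths, so it arguably belongs in Bronze with the other exploit blockers.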
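Review bot: In the `@@ -115,7 +122,7 @@` hunk, the rewritten badge bullet drops the closing quotation mark: `+- **Achievement badges** – Reward milestones like "90% scorecard compliance.` should read `... like "90% scorecard compliance."` as the removed line did; the unbalanced quote will render as a stray `"` in the page.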
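Review bot: In the `@@ -56,12 +59,39 @@` hunk of security-metrics-visualization.md, the new prose bakes screenshot-specific numbers into body text (`17 total across critical/high/medium`, `Gold for all 17`, `the early-October spike`), which will silently go stale the first time the screenshots are refreshed; either describe what each panel shows in general terms or state once that the figures come from a sample workspace. Smaller points in the same hunk: the admonition `:::tip Focus on trends that matter` has a body about slicing metrics by service, team and compliance scope, not about trends, and a `:::tip Focus on trends, not snapshots` already exists further down, so retitle this one to match its content; the two consecutive images both carry the alt text `compliance`, so give each a distinct, descriptive alt; the bullet ending `connect **vulnerabilities** to **customer impact**` is missing its period; "The dashboards snippets below" should be "The dashboard snippets below"; and turning the two opening sentences of the CISO section into a two-item bullet list (`- Security leaders need dashboards that...`, `- Port enables this with...`) reads worse than the paragraph it replaces, which should be restored, along with "The snippet below from the Port dashboard" in place of "The below snippet from port dashboard".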
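Review bot: In the `@@ -74,6 +104,21 @@` hunk, MTTR is used with two meanings: the image caption reads `MTTR - mean time to remediate`, the vulnerability sense that the sibling page edited in this diff uses as "mean time to vulnerability remediation", but the bullets around it describe incidents (`17 incidents total`, `5 escalated to leadership`, `MTTR: 30 minutes, the main lever to cut customer impact`), where MTTR normally means mean time to resolve or recover. A 30-minute mean time to remediate vulnerabilities would be an extraordinary claim, so define once which R is meant and use it consistently. Also `15 evidences` should be `15 evidence items` (evidence is uncountable), and "express Business risk, distilled" should be recast in lowercase, e.g. "The dashboard views below distill business risk:".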
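Review bot: In the `@@ -85,6 +130,14 @@` hunk, the last bullet runs the section's conclusion into the Risk Management Effectiveness item (`... with pockets to lift. Net adoption is wide, culture is forming, and the next move is raising consistency from Bronze/Basic to Silver/Gold.`); move the sentence starting "Net adoption is wide" into its own paragraph after the list so it reads as the takeaway rather than as part of one metric. As with the other figures, the tier counts (`25, Gold`, `25, mostly Bronze with some Silver`, `15, mixed tiers`) are screenshot data and will drift from the image over time.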
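Review bot: In the `@@ -96,6 +149,10 @@` hunk, the added paragraph is a single chain of sentences well over 100 words; split it after "minimizing rework and audit risk." and again before "making it easy to spot". Its image reuses the alt text `Security metrics` already used for the culture-and-adoption screenshot in the previous hunk (presumably sec-met-1.png and sec-met-2.png added in this change), so two different pictures are indistinguishable to screen readers and to anyone grepping the source; make each alt describe its panel, e.g. "Control effectiveness and control testing coverage with monthly control domain coverage trend".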
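Review bot: In the `@@ -184,10 +241,13 @@` hunk, the prioritization rubric `Priority = Business Impact × Evidence Reliability × Audit Urgency × Control Gap` is given without scales, and the reliability factor is described a few lines earlier as `highly-reliable > reliable > N/A`: if N/A maps to zero the product collapses to zero and findings whose evidence has not yet been assessed sink to the bottom of the queue, which is the opposite of how unknowns should be treated. Give each factor an explicit ordinal scale (for example 1 to 3) with a non-zero floor, and state the direction of Control Gap (a larger gap should raise priority). Three smaller points: the closing figure's alt text `security incidents` describes a vulnerability catalog and evidence view, not incidents, and duplicates the alt used for an incidents screenshot earlier on the page; `The evidence Category` should match the casing of `Evidence Reliability` in the next bullet, and the bullet `Audit trends/timeline surface time-pressure from pen-test and certification spikes` lacks its period; and with `## Summary` removed the page now ends on an image with `\ No newline at end of file` still in place, so add the trailing newline and consider a one-sentence closing paragraph after the figure.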
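Review bot: The new PNGs under static/img/guides/security-solution/ use sequence names (auto-1.png through auto-4.png, compliance-1.png, compliance-2.png, incidents-1.png through incidents-3.png, sec-met-1.png, sec-met-2.png) that say nothing about what each screenshot shows, so the markdown embedding them is not self-documenting and refreshes are easy to mix up; name them after their content, as owasp-scorecard.png, control-coverage.png and mttr.png already are. Also verify that every added binary is embedded by one of the edited pages: the markdown hunks as rendered here show only image captions, not paths, so I cannot confirm from the diff that vuln-catalog.png, vuln-context.png, vuln-context-teams.png, vuln-rules.png, vuln-stats.png and vuln-trends.png are all referenced, and unreferenced binaries accumulate permanently in the repository history.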