3 changes: 1 addition & 2 deletions .cursor/rules/documentation_style.mdc
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,4 @@
description:
globs:
alwaysApply: false
---

---
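Review bot: with `description:` and `globs:` both left empty and `alwaysApply: false`, nothing in this front matter tells Cursor when the documentation style rule should be attached, so it will only load when referenced by hand; fill in `description:` (what the rule covers) or a `globs:` pattern scoped to the docs tree so the punctuation conventions applied across the rest of this PR are picked up automatically. The hunk also shows two `---` delimiters separated by a blank line after `alwaysApply: false`; confirm the front matter closes exactly once, since a stray second `---` renders as a horizontal rule in the rule body.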
16 changes: 8 additions & 8 deletions docs/solutions/security/compliance-as-code.md
Expand Up @@ -12,8 +12,8 @@ sidebar_position: 5
## Introduction

Compliance is critical, but most organizations still rely on outdated, manual methods:
- **Spreadsheets** to track controls and audit status,
- **Email threads** to gather evidence,
- **Spreadsheets** to track controls and audit status.
- **Email threads** to gather evidence.
- **Periodic checklists** disconnected from production systems.

This creates **painful audits**, stale evidence, and gaps between what's documented and what's actually happening in production.
Expand Down Expand Up @@ -71,8 +71,8 @@ With Port:
- *Audit Evidence* – proof items such as logs, screenshots, or test reports.
- Link services to their controls using **relations**.
- Tag services with key metadata:
- Regulatory scope (SOC 2, PCI, HIPAA, GDPR),
- Data sensitivity (PII, payment data, internal-only),
- Regulatory scope (SOC 2, PCI, HIPAA, GDPR).
- Data sensitivity (PII, payment data, internal-only).
- Criticality (customer-facing, revenue-generating, internal).

This creates a **single source of truth** for compliance across the organization.
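Review bot: the nested metadata item `Regulatory scope (SOC 2, PCI, HIPAA, GDPR).` names PCI where the standard a service is scoped to is PCI DSS; since this hunk already touches that line for punctuation, correct the name at the same time. The period change itself is consistent with the unchanged `- Criticality (...)` item below it.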
Expand Down Expand Up @@ -115,13 +115,13 @@ Scorecards turn abstract frameworks into **measurable, trackable outcomes**.
| Logging & Monitoring | Centralized logging enabled for services | Cloud logging integrations |

Each control:
- Is a **scorecard item** with pass/fail logic,
- Is linked to services and teams,
- Is a **scorecard item** with pass/fail logic.
- Is linked to services and teams.
- Updates automatically when integrated systems change.

Dashboards then show:
- Compliance by control area,
- Overall readiness by service or business unit,
- Compliance by control area.
- Overall readiness by service or business unit.
- Historical progress over time.

## Step 4: automate compliance workflows
Expand Down
120 changes: 85 additions & 35 deletions docs/solutions/security/prioritise-vulnerabilities.md
Expand Up @@ -9,14 +9,22 @@ sidebar_position: 2
**Port transforms vulnerability management from chaos to clarity — helping security teams focus on what truly matters to the business.**
:::


## Executive summary


Port turns vulnerability management from a chaotic, reactive process into a business-first security capability. By unifying all types of vulnerabilities, enriching them with business context, and enabling API and automation-driven prioritization, Port ensures you fix what matters—fast, strategically, and sustainably.

Modern security teams face an impossible task: thousands of vulnerabilities discovered daily across code, infrastructure, cloud, and open source dependencies. Without business context, every issue appears urgent, leading to **alert fatigue**, wasted resources, and dangerous blind spots.

:::tip Transform vulnerability management
Port transforms vulnerability management from chaos to clarity — helping security teams focus on what truly matters to the business.
:::

Port solves this by **anchoring vulnerability management to business context**.
Instead of starting with raw scanner data, Port starts with what matters most: your services, their owners, their environments, and their business impact.
This context powers:
Instead of starting with raw scanner data, Port starts with what matters most; your services, their owners, their environments, and their business impact.

This context powers:
- **Unified visibility** – All vulnerabilities from all scanners in a single platform.
- **Risk-based prioritization** – Focus on vulnerabilities that truly impact production and revenue.
- **Automated workflows** – Route issues to the right teams with the right urgency.
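Review bot: the colon in `Port starts with what matters most: your services, their owners, their environments, and their business impact.` was changed to a semicolon, which is a grammatical regression because the clause introduces the list that follows; keep the colon. Two duplication issues in the same hunk: the new Executive summary paragraph (`Port turns vulnerability management from a chaotic, reactive process ...`) is the Summary paragraph deleted at the end of the file, and the `:::tip Transform vulnerability management` admonition inserted here repeats the one visible in the context three lines above it, so the page now opens with the same sentence twice (once bold, once not); keep a single copy of the admonition at the top of the file.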
Expand All @@ -28,12 +36,6 @@ The result: Security teams fix the **right vulnerabilities** faster, while devel

Port integrates with your existing security stack, automatically ingesting vulnerability data, enriching it with business context, and prioritizing it for action.

<!-- TO-Do -->
<!-- Mermaid graph -->

:::tip Transform vulnerability management
**Port transforms vulnerability management from chaos to clarity — helping security teams focus on what truly matters to the business.**
:::

## Introduction

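Review bot: deleting `<!-- TO-Do -->` and `<!-- Mermaid graph -->` removes the only reminder that the paragraph `Port integrates with your existing security stack, automatically ingesting vulnerability data ...` was meant to be backed by an architecture diagram; either add the diagram (or reuse one of the screenshots introduced later in this PR) or keep the placeholder comment so the gap stays tracked. Removing the duplicated tip admonition at this position is the right call.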
Expand Down Expand Up @@ -66,48 +68,103 @@ Many organizations fall into common traps. Here's how they go wrong—and how Po

Port transforms vulnerability data into actionable intelligence by anchoring it directly to business context:

### 1. Unified context via software catalog
### Unified context via software catalog

- Use **blueprints, relations, and entities** to represent services, ownership, criticality, environments, and compliance scope.
- Integrate with tools like **Trivy, Wiz, Dependabot, Orca, Snyk**, etc., to ingest vulnerabilities into Port with service links.
- Leverage **API ingestion** for custom tools or vulnerability sources, using Port's REST API to create/update vulnerability entities linked to services.

### 2. Business context enrichment
The catalog view below shows Port’s business-first approach in action: findings from many sources (Dependabot, Veracode, Trivy, Snyk, Semgrep, pen-tests, manual review) are normalized into one table and **linked to services in the software catalog** (e.g., *User Authentication Service*, *Customer Portal*). Catalog context—service criticality, data class, environment, ownership, dependencies—feeds the **Business Impact** label and rolls up into a single **Business Risk Score** that orders the queue (Log4j RCE at 100 down to a hard-coded key at 30).

Duplicates are collapsed, policy choices are explicit via **Accepted Risk** (e.g., legacy Windows 2012 R2 = True), and every row carries the metadata needed to route to the right team and meet SLAs/compliance scope. Net: Port prioritizes what matters to the business, not just raw CVEs, by unifying vulnerability data with rich catalog context into one actionable triage view.

- **One view, all sources:** Dependabot, Veracode, Trivy, Snyk, Semgrep, pen-tests, manual reviews—normalized into a single table.
- **Catalog context applied:** Each finding is tied to the service in Port’s software catalog (criticality, data class, environment, ownership, dependencies).
- **Business-first scoring:** Context drives **Business Impact** and a unified **Business Risk Score** that orders the queue.
- **De-duped + clean:** Duplicates collapsed so teams don’t chase the same issue twice.
- **Explicit risk decisions:** **Accepted Risk** captured (e.g., legacy tech), making policy tradeoffs visible.
- **Right team, right SLA:** Ownership and scope metadata enable fast routing and compliance alignment.
- **Outcome:** You work the items that matter most to the business—quickly and confidently.


<img src='/img/guides/security-solution/vuln-catalog.png' alt='Vulnerability catalog' width='80%' border='1px' />

### Business context enrichment

- Vulnerabilities are enriched with metadata like **service ownership, environment (prod, staging), business criticality, data sensitivity, compliance implications**, and recent change status.
- This enables answering: *Which vulnerabilities threaten our revenue-critical production systems?*

### 3. Real-time dashboards & scorecards
Below dashboard views show how port enriches vulnerabilities with business context—so decisions tie back to impact and ownership:
- **360° linking:** Connects the vuln to **incidents, audit evidence, controls, teams, services, and users** in one place.
- **Clear ownership & freshness:** Team rows show **owners** and **last update** dates for accountable routing.
- **Blast radius:** Calls out **affected component** `log4j-core-2.14.1.jar`, **services** (e.g., payment/notification), and **version**.
- **Customer & SLA signals:** **SLA expiry** and **Affects customer data** turn technical risk into business urgency.
- **Control & audit traceability:** Direct links to **controls**, **evidence**, and **audit log** for defensible proof.
- **Executive-ready scorecards:** Badges (e.g., **Priority = Gold**, **Remediation = Gold**, **Trend Analysis = Bronze**) translate status into maturity at a glance.
* **Prioritization ready:** Ownership + impact + compliance + SLA context produce a **business-first, fix-next** call.

<img src='/img/guides/security-solution/vuln-context.png' alt='Vulnerability context - users' width='80%' border='1px' />
<img src='/img/guides/security-solution/vuln-context-teams.png' alt='Vulnerability context - users' width='80%' border='1px' />

### Real-time dashboards & scorecards

- Build dashboards to track vulnerabilities by severity, status, team, or service using Port's UI and widget capabilities.
- Track maturity with **scorecards**, showing metrics like mean time to remediation (MTTR), percentage of services with owners, or open critical vulnerabilities over time, using Port's scorecard feature.

### 4. Automation & context-aware workflows
Port turns your live security data into **real-time dashboards and executive scorecards**. These dashboards and scorecards answer “how many, how old, how risky, and how ready” an organization is with their security capabilities. The views show current load (**15 open vulns**, **5 business-impacting**), how long items stay open, which types are spiking, and program health with simple badges (Gold/Bronze/Basic) for readiness, prioritization, risk assessment, and lifecycle discipline.

- **Live KPIs:** “Total Open Vulnerabilities,” “Business-Impacting Vulnerabilities,” and “Days Open” update as scanners and tickets change.
- **Trends that guide action:** Type trends (e.g., misconfig vs. info disclosure) highlight surges and where to focus teams.
- **SLA visibility:** “Remediation SLA Trend” shows pace and potential breaches—useful for leadership and customers.
- **Scorecards at a glance:** Remediation Readiness, Priority Management, Risk Assessment, and Lifecycle Management surface maturity with **Gold/Bronze/Basic** badges—executive-readable, audit-friendly.
- **Business-aware slices:** Filter by service, environment, team, or customer tier from the catalog to get the exact view each stakeholder needs.
- **Drill-through workflow:** Jump from a metric to the underlying vulnerabilities, owners, and affected services for fast routing.
- **Shareable, consistent:** Common widgets keep weekly reviews, CISO reports, and auditor asks aligned to the same live truth.

<img src='/img/guides/security-solution/vuln-stats.png' alt='Vulnerability stats' width='80%' border='1px' />

<img src='/img/guides/security-solution/vuln-trends.png' alt='Vulnerability trends' width='80%' border='1px' />

### Automation & context-aware workflows

- Define automations to **escalate high-priority issues**, such as when a vulnerability in a customer-facing prod service becomes critical.
- Build self-service actions to create tickets in Jira, Slack alerts, or trigger remediation workflows—only where business risk justifies action.
- Use Port's API and mapping layers to tailor behavior—e.g., API-driven rules, triage pipelines, or dynamic SLAs.

### 5. API-driven integration & extensibility
Port turns security policy into **automation that reacts to context**: scorecards like *Vulnerability Priority Management* continuously evaluate rules against the live software catalog—showing what passed (e.g., **98.67%**, **75 rules**) and how compliance trends over time—then trigger the right workflow when something slips.

- **Policy-as-code:** Rules reference service criticality, data class, SLA, env, and ownership to decide priority and action.
- **Auto-evaluation:** The **Runs** tab reflects scheduled/triggered executions on ingest, PRs, deploys, or scanner updates.
- **Action on fail:** Pass/fail thresholds create Jira tickets, ping Slack, open incidents, or block changes for high-risk gaps.
- **Context-aware routing:** Violations auto-assign to the owning **team/service** with links to related controls, evidence, and incidents.
- **Time-series guardrails:** “% of rules passed over time” exposes drift and proves continuous compliance to leadership/auditors.
- **Exception handling:** Waivers with expiries keep risk decisions explicit—no silent ignores.
- **Audit-ready:** **Audit Log** preserves who/what/when for every rule run and action taken.
- **Reusable widgets:** Drop the scorecard into any dashboard for real-time, executive-readable status.
- **Example:** **Critical service** + **customer data** + **vulnerability** > **SLA** ⇒ `rule fails` ⇒ `Slack + Jira` notification to owner ⇒ change status to blocked until fixed.

<img src='/img/guides/security-solution/vuln-rules.png' alt='Vulnerability rules' width='80%' border='1px' />

### API-driven integration & extensibility

- Port's **REST API** supports managing blueprints, entities, scorecards, and actions programmatically.
- Automate service metadata updates from CI/CD, incident systems, or IaC pipelines, keeping business context fresh.

## Putting it into practice: a practical workflow

1. **Set up your software catalog** with service metadata (ownership, criticality, compliance, environments) and vulnerability blueprints (e.g., Trivy, Wiz).
2. **Ingest vulnerabilities** via native integrations or API into Port, linking them to the relevant service entities.
3. **Create dashboards** to visualize the active threat landscape in context (e.g., “Critical findings in production, by service owner”).
4. **Define priority scoring** combining severity with business context—for instance:
- Production service = +100
- High revenue impact = +50
- Customer data involved = +30
- Known-exploited = +70
5. **Automate workflows**:
- **Set up your software catalog** with service metadata (ownership, criticality, compliance, environments) and vulnerability blueprints (e.g., Trivy, Wiz).
- **Ingest vulnerabilities** via native integrations or API into Port, linking them to the relevant service entities.
- **Create dashboards** to visualize the active threat landscape in context (e.g., “Critical findings in production, by service owner”).
- **Define priority scoring** combining severity with business context—for instance:
- Production service = +100.
- High revenue impact = +50.
- Customer data involved = +30.
- Known-exploited = +70.
- **Automate workflows**:
- Immediately notify owners when score exceeds threshold.
- Escalate top-10 findings to leadership daily.
- Create tickets and set different SLA windows based on business tier.
6. **Track progress with scorecards**:
- **Track progress with scorecards**:
- Average remediation time for production-ranked vulnerabilities.
- % of services with defined ownership.
- Trend of high-risk vulnerabilities over time.
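Review bot: under `## Putting it into practice: a practical workflow`, the six numbered steps (`1. **Set up your software catalog**` through `6. **Track progress with scorecards**`) are replaced by `-` bullets, which drops the ordering a step-by-step workflow needs; keep the numbered list and apply the period change inside it. Smaller points in the same hunk: `* **Prioritization ready:**` uses `*` while every sibling item uses `-`, so Markdown may render it as a separate list; the second screenshot reuses `alt='Vulnerability context - users'` for the teams view and should say `teams`; `Below dashboard views show how port enriches` should read `The dashboard views below show how Port enriches`; and the two paragraphs introducing the catalog view (`The catalog view below shows ...` and `Duplicates are collapsed ...`) restate the seven bullets that follow them almost word for word, so one of the two forms should go.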
Expand All @@ -116,16 +173,9 @@ Port transforms vulnerability data into actionable intelligence by anchoring it

By using Port's business-context-driven approach to vulnerability prioritization, organizations achieve:

- **50%+ reduction** in wasted remediation time
- **Faster MTTR on truly critical issues**
- **Improved developer experience** with context-aware, actionable findings
- **Better alignment** between security, product, and engineering teams
- **Higher trust and accountability**, backed by dashboards and scorecards

## Summary

Port turns vulnerability management from a chaotic, reactive process into a business-first security capability. By unifying all types of vulnerabilities, enriching them with business context, and enabling API and automation-driven prioritization, Port ensures you fix what matters—fast, strategically, and sustainably.
- **50%+ reduction** in wasted remediation time.
- **Faster MTTR on truly critical issues**.
- **Improved developer experience** with context-aware, actionable findings.
- **Better alignment** between security, product, and engineering teams.
- **Higher trust and accountability**, backed by dashboards and scorecards.

:::tip Transform vulnerability management
**Port transforms vulnerability management from chaos to clarity — helping security teams focus on what truly matters to the business.**
:::
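Review bot: with `## Summary` and its paragraph removed, the page now closes on the benefits list followed by a third copy of the `:::tip Transform vulnerability management` admonition (it also appears in the top-of-file context and in the new Executive summary), so the same sentence bookends the document; drop this copy or replace it with a short closing sentence that points readers to the workflow section. The benefits list also keeps unsourced figures such as `**50%+ reduction** in wasted remediation time`; if the number cannot be attributed, soften the claim.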