Inventory Introduction

Enso's inventory solves the visibility challenge by organizing your entire asset portfolio in the most meaningful ways.
Before we drill down to the bits and bytes, let's start by reviewing the inventory's main use cases:
  1. Gain full asset visibility with continuous synchronization to all relevant data sources (SCMs, DNS management, etc.)
  2. Prioritize mitigation efforts according to associated risk and business impact
  3. Track scanning coverage and surface gaps in the AppSec policy

Assets and their attributes

Each line in the inventory is an asset. Most assets are actual components of the application (code repositories, domains, endpoints, etc.), but an asset can also represent a grouping, such as an asset type (repository), a group (a certain business unit) or even a product.
Assets in the inventory are presented with key attributes in the following columns:
  • Defects - scan findings (vulnerabilities), colored by severity
  • Controls - a view of scanners that were either executed on the asset or required to be executed by policy
  • Security gap - the gross risk score based on the cost of defects and coverage gaps
  • Risk - the net risk score after considering asset class, remediation status, etc.
  • Class - reflects the business criticality of the asset. Critical, sensitive or exposed assets will usually get a higher class. Associating assets with a higher class will increase their risk score
  • Tags - assets are automatically tagged to allow superior filtering capabilities. New tags can be configured using the policy rules to meet specific use-cases.
Enso Standalone Asset Inventory

Inventory Layouts

To get better context and clarity over your asset inventory, Enso allows flexible structuring with inventory layouts.
Enso comes out of the box with a few default inventory layouts, but can be expanded to support additional structures. Some of the most common layouts display the inventory according to organization hierarchy (business units, teams, etc.) or product lines.