Security Scan


The Security Scan is a protective feature within Robility Designer that helps safeguard automation workflows before deployment. It analyzes the execution log files generated during workflow runs and provides real-time alerts if it detects any security risks, such as hardcoded credentials, embedded secrets, or personally identifiable information (PII), that might be overlooked during development.

Unlike the Workflow Analyzer, which focuses on design issues and inconsistencies, the Security Scan specifically targets security compliance based on the data exposed during workflow execution. Once a solution passes the scan, it is certified as free from compliance issues related to customer information or client data and can be safely published to Robility Manager.

This feature not only helps prevent potential security breaches but also fosters trust among business users by ensuring that sensitive information is not logged. 

Key Benefits

1. Data Protection: Prevents sensitive data exposure in logs and ensures compliance with client data protection policies when publishing to Robility Manager.

2. Flexible Publishing: Allows workflows to be published without certification while clearly indicating their security status and associated risks.

3. Automated Security Review: Automates execution log reviews for security compliance, minimizing manual intervention.

4. Enhanced Governance: Provides automated protection for projects under strict data governance (e.g., healthcare, finance), securing workflows prior to production deployment.

What are these secrets?

Secrets are sensitive pieces of information that must be protected to prevent unauthorized access and data breaches. Examples of these secrets include access tokens, API keys, authentication credentials, database connection strings, and encryption keys.

These secrets are essential for secure integration with third-party services or infrastructure. However, if mishandled, especially if printed or logged during workflow execution, they can cause significant security risks such as unauthorized access, data breaches, and non-compliance with regulatory standards.

To address this risk, security scans within automation platforms are designed to detect any exposure of these secrets in execution logs. For instance, these tools currently support identification of secrets and access tokens for over 70 commonly used applications, helping to proactively prevent potential leaks.

How does it work?

The Security Scan can be run at any point: during the design phase or after the automation solution is fully developed. When initiated, it executes the automation process and thoroughly scans the resulting log file. A summary of the scan results then appears in the Robility Copilot window.

When vulnerabilities are detected, a detailed JSON-format text file is generated and saved within the solution folder. This report identifies the locations and categories of the security issues, enabling users to take timely corrective measures.

Scan duration varies with the solution's scale and complexity, typically starting from a few minutes.
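The log review described above can be sketched as follows. This is an added example, not Robility's code: the rule set, category names, and report fields are assumptions, and the log lines are constructed.

```python
import json
import re
from collections import Counter

# Assumed rules for illustration only; the product's own rule set is not shown on this page.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password_assignment": re.compile(r"(?i)\b(?:password|pwd)\s*[=:]\s*\S+"),
    "connection_string": re.compile(r"(?i)\bServer=[^;]+;.*?\bPassword=[^;\s]+"),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}

# Constructed execution log; every value is a placeholder.
SAMPLE_LOG = """\
2024-05-01 10:00:01 INFO  Workflow started
2024-05-01 10:00:02 DEBUG Login with password=Summer2024! for portal
2024-05-01 10:00:03 DEBUG Using key AKIAIOSFODNN7EXAMPLE
2024-05-01 10:00:04 INFO  Invoice sent to jane.doe@example.com
2024-05-01 10:00:05 DEBUG Server=db01;Database=crm;User Id=svc;Password=Hunter2!;
2024-05-01 10:00:06 INFO  Workflow completed
""".splitlines()

def redact(value, keep=4):
    # The report must not become a second copy of the secret.
    return value[:keep] + "*" * max(len(value) - keep, 0)

def scan_log(lines):
    findings = []
    for lineno, line in enumerate(lines, start=1):
        hits = [(m.start(), m.end(), cat)
                for cat, rx in RULES.items() for m in rx.finditer(line)]
        # Overlapping rules: keep the earliest, longest match so one leak is one finding.
        hits.sort(key=lambda h: (h[0], h[0] - h[1]))
        last_end = 0
        for start, end, cat in hits:
            if start < last_end:
                continue
            last_end = end
            findings.append({"line": lineno, "column": start + 1,
                             "category": cat, "match": redact(line[start:end])})
    return findings

def build_report(lines):
    findings = scan_log(lines)
    summary = dict(Counter(f["category"] for f in findings))
    return {"passed": not findings, "summary": summary, "findings": findings}

if __name__ == "__main__":
    print(json.dumps(build_report(SAMPLE_LOG), indent=2))
```

Each finding carries a line, column, and category so the logging step can be traced back in the workflow, and the matched value is masked before it is written to the report.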
