Reference

User Management

Every user signed up for Soluble is tied to an organization. The first user from the organization sets up an account and has the ability to invite other people to his organization and can be assigned a role ( Owner, Write and Read ). Each invited user will be part of the organization they are invited to and they can also join a default organization of his own, so they can explore Soluble on their own.

Invite user

  1. Under settings, press Users.

  2. Under the Users, press Invite.

    SSH Page

  3. Provide the email address of the person whom you would like to invite to your organization and select a role from the dropdown. User roles explained below.

  4. Press Invite

Roles

Each user role is specific to that particular organization where it was applied.

  • Owner - The user who created the initial account for the organization is the Owner. The Owner will have access to all the functionalities in that particular organization. They have the permission to grant / revoke permissions to the other users in the organization.

  • Write - The user has the permissions for reading and writing any entities in the organization except for Users and Billing.

  • Read - The user has permissions to read anything in the organization.

Tokens

Soluble Tokens are of two types:

  • Access tokens - These are used for integrating Soluble with other party tools, such as Soluble CLI etc.

  • Agent tokens - These are used by Soluble agents deployed in Kubernetes clusters.

Generating Access token

To generate an access token

  1. Under Settings, press Tokens.
  2. Under the access tokens, click on Generate Access Token.

    SSH Page

Agent Tokens

All the agent tokens used by Soluble agents for kubernetes should be visible under the Agent tokens.

Token Management

Any user with the right permissions will be able to Disable or Revoke tokens.

SSH Page

Organization Setup

The owner of the organization can configure the Organization settings, like the display name of the organization, Login provider for organization. Organization ID is provided by the Soluble itself, and users are not able to edit them.

SSH Page

Alerts

Alerts provide an easy way to handle any issues identified by the Soluble Fusion platform. Alerts can be created for the failed findings from the assessments from a finding's action

Soluble, when integrated with other third party platforms like Slack, Jira., provides an easy way to manage the security / configuration issues identified by Soluble, and automates Jira ticket creation with just a click of a button and Slack notification.

SSH Page

Dashboard

The Soluble dashboard provides an easy way for tracking, analyzing and displaying key information, which helps you to monitor the security / configuration issues in your infrastructure.

SSH Page

Integrations

Soluble provides an easy way to integrate with third party tools like

  • Slack
  • Jira
  • AWS
  • kubernetes

To integrate with the above tools, click on the Integrations sidebar navigation.

Slack

Soluble can be integrated with just a click of a button.

Configuring Slack with Soluble:

  1. Navigate to Integrations page and click on Slack Tile Configure button.

    SSH Page

Jira

You need a Jira API token for this.

Enter the following Jira details to finish the integration.

  • URL - Domain of the Jira URL of your organization.
  • Username - Jira username of the provided api token.
  • Key - API token created above.
  • Default Project - Provides the default project that can be used by Soluble to create Jira tickets for Soluble alerts.

    SSH Page

AWS

Soluble can be integrated with AWS by running a simple script.

Adding an AWS Account:

  1. Under the Integrations side menu, click on the AWS tile.

  2. Click on the Add Account button and copy the command provided and run it in your terminal.

    SSH Page

Repo Config

Each git repository can have a configuration file named .soluble/config.yml in the root of the repository. This file is sent along with the asessments and can control how Soluble Fusion behaves.

The following describes the configuration options available in this file:

Ignore Files

The ignore directive takes a list of strings, which are interpreted using gitignore syntax.

Example:

ignore:
  - "test/**"
  - "some-other-file"

Note: Currently this directive only applies to assessments uploaded to Soluble Fusion. The ignore directive will not be applied to local CLI output.

Suppress Findings

The suppress directive takes a list of strings that are matched against the sid for a particular finding.

suppress:
  - "sid-1"
  - "sid-2"

Note that you can also suppress findings from the UI.

Note: Currently this directive only applies to assessments uploaded to Soluble Fusion. The suppress directive will not be applied to local CLI output.

Zodiac Config

HTTP Proxy

If your environment requires an HTTP proxy to reach the internet, you will want to add HTTP_PROXY and optionally NO_PROXY to the Zodiac kubernetes deployment manifest in the container spec section:

      env:
        - name: HTTP_PROXY
          value: http://mycompanyproxy.com:8080
        - name: NO_PROXY
          value: internalhost.example.com,another.example.com

For example:

Proxy

Git Providers

GitHub

Webhook Configuration

You will want to configure a webhook for reach repo that you want Soluble Fusion to scan. Webhooks are configured for each repo here:

https://github.com/ORG_NAME/REPO_NAME/settings/hooks

Alternatively, you can use Organization Webhooks so that webhook events are sent for all of your repos, without having to configure each one.

Organization webhooks are configured here:

https://github.com/organizations/ORG_NAME/settings/hooks

The fields to configure are:

Payload URL - https://api.soluble.cloud/api/v1/github/webhook/SOUBLE_ORG_ID

Replace SOLUBLE_ORG_ID with the 12-digit organization id, which you can find here: https://app.soluble.cloud/admin/org.

The content type should be test to application/json.

In the Secret field, you should enter a shared secret. You will configure the same secret here: https://app.demo.soluble.cloud/integrations/config/GitHub.

The events to send are Pull and Pull Request. You can specify Just Send Me Everything if you like.

Webhook Config

GitLab

Webhook Configuration

GitLab webhooks should be configured similarly to GitHub above.

The payload URL is:

https://api.soluble.cloud/api/v1/gitlab/webhook/SOUBLE_ORG_ID

Replace SOLUBLE_ORG_ID with the 12-digit organization id, which you can find here: https://app.soluble.cloud/admin/org.