@@ -6,15 +6,69 @@ title: Advanced Security
66
77![ Advanced Security Header] ( ./assets/banner-security.png )
88
9- The Advanced Security module helps you keep track of all the dependencies of your site. It provides a dashboard that shows you
9+ Enterprise sites on the web can be a big target for potential hackers, so ensuring a high level of security is critical. Altis
10+ is built from the ground up for [ security-by-design] ( docs://security/ ) of the platform, but we're always working hard to help
11+ improve customer security on the platform too.
12+
13+ The Advanced Security module helps you keep track of all the dependencies of your site. It provides a dashboard that shows you
1014any security alerts related to the plugins and themes you have used to build your site.
1115
12- We have partnered with Patchstack to provide this service. Patchstack is the world's largest vulnerability discloser with over
13- 10,000 vulnerabilities in their database.
16+ Although we still recommend you use [ GitHub Dependabot] ( docs://guides/automatic-updates.md ) to keep your dependencies up to date,
17+ this module provides an additional layer of security by alerting you to known vulnerabilities in your plugins and themes. It also
18+ provides virtual patching for these vulnerabilities if you have the firewall mitigation enabled.
19+
20+ We have partnered with Patchstack to provide this service. Patchstack is one of the largest open-source vulnerability
21+ disclosers in the world with over 30,000 vulnerabilities in their database.
1422
1523## How it works
1624
25+ Every time you build your site, the Advanced Security module will scan your plugins and themes for known vulnerabilities. If any
26+ known vulnerabilities are found, they will be presented in the dashboard. This is done at build time so that you have a chance
27+ to update your plugins and themes _ before_ you deploy the new build to production.
28+
29+ If you have the firewall mitigation enabled, the module will also provide virtual patching for the vulnerabilities found.
30+ This means that even if you can't update a plugin or theme immediately, the firewall will help protect your site from known
31+ vulnerabilities when you deploy your build to production.
32+
1733### Known Vulnerability alerts
1834
35+ When the module finds a known vulnerability in one of your plugins or themes, it will display an alert in the dashboard. The alert
36+ will look something like this.
37+
38+ ![ Known Vulnerability Alert] ( ./assets/dashboard-1.png )
39+
40+ The alert will show you a list of all your plugins and themes. It will indicate the version in your build, if different, and any
41+ known vulnerabilities. There will be a link to more information about the vulnerabilities. You can click on the link to view more
42+ details about the vulnerability, including the CVE ID, a description of the vulnerability, and the fixed version number without the
43+ vulnerability.
44+
1945### Virtual Patching Protection
2046
47+ Patchstack vPatching auto-mitigates security vulnerabilities even when there's no official patch available. It's the fastest and
48+ most effective way to eliminate new security vulnerabilities without sacrificing performance.
49+
50+ ## How to configure Advanced Security
51+
52+ ** Your subscription** : Altis Advanced Security is an add-on to your existing Altis environments, and is not included as a
53+ standard part of your subscription. Contact your account manager for more information about adding Advanced Security to your
54+ subscription.
55+
56+ Once you have a license, enable the module in your ` composer.json ` file.
57+
58+ ``` json
59+ {
60+ "require" : {
61+ "altis/advanced-security" : " ^23.0.0"
62+ }
63+ }
64+ ```
65+
66+ or run
67+
68+ ``` shell
69+ composer require altis/advanced-security:^23.0.0
70+ ```
71+
72+ When you push these changes to your repository and build your app, Advanced Security will be enabled on your environment.
73+
74+
0 commit comments