FAQ
Send your IaC to oak9 via a CI/CD plugin (Jenkins, Azure DevOps, GitHub Actions) or our CLI tool.
Provide oak9 read-only credentials to scan your AWS or Azure cloud.
Authorize oak9 to scan your source code repository (GitHub, Bitbucket) and submit remediation pull requests.
Design Gaps can be found by navigating to a project’s details page and looking at the bottom panel. By default, you will see all gaps; clicking on “Resource” will filter to only that resource’s gaps.
Design Gaps can be security vulnerabilities that compromise your cloud or inadequacies that prevent your cloud from complying with security frameworks. oak9 will identify and show you where design gaps exist; explain the impact of gaps; and help you resolve gaps so your cloud is secure and compliant.
oak9 may store the following based on the type of integration you select:
Credentials to access a cloud provider, repository, CI/CD pipeline, or workflow system
IaC code scanned (repository, CI/CD, CLI integrations)
Point-in-time state of resources, including identified design gaps
oak9 only requires read-only access to your cloud. You can see the exact permissions required for AWS and Azure.
AWS: Browse to IAM > Users > Security credentials tab. Locate your access key and verify the status is Active.
Azure: Browse to App Registrations. Select your app and click on Certificates and secrets. Verify the expiration date.
Step 1: We’ll identify your user persona so we can focus on what information is most important.
Step 2: Select applicable compliance objectives.
Step 3: Choose a suitable integration (IaC or cloud path) for your project.
Azure API
Azure Terraform
AWS API
AWS Terraform
These represent the cloud infrastructure that was part of the most recent oak9 scan.
Snooze applies to the specific resource being reported. Policy exceptions prevent a specific design gap from being reported across all resources in a project or the entire organization.
Currently, each cloud environment needs its own oak9 project.
A project represents the set of cloud resources needed to serve an application.
No, oak9 does not store your payment information. If you signed up through the AWS or Azure Marketplace, they act as a payment broker.
We currently validate cloud and repository projects at the frequency of your choice, and you can also initiate on-demand scans. We will soon support real-time validations of repositories when commits are pushed to or pull requests are opened against a targeted branch.