Schedule a demo with us
FlexLine is built by TekFive. We'd love to meet with you sometime to demonstrate FlexLine and discuss how FlexLine might work for your organization. To schedule a time, please send an email to the address below.
FlexLine is an end-to-end security scanning, management and prioritization platform. It supports multiple type of scans including Software Compositional Analysis (SCA), Dynamic Application Security Testing (DAST), SSL, Secret Detection, Misconfiguration, Accessibility, and Usability Scans.
FlexLine provides out of the box support for many scanners including trivy, grype, syft, DependencyCheck, ZAP, Lighthouse, trufflehog, Pa11y, Nikto, sqlmap, sslscan, and OpenScap. In addition to the scanners listed, FlexLine is built upon a modular analyzer layer that allows additional scanners to easily be integrated into the system.
FlexLine provides a number capabilities to enhance your supply chain security. All scanned container images and source code repositories have their materials (libraries, packages, etc.) recorded and index. This information can be access from the Material Search feature in FlexLine which allows you to instantly discover which applications and dependencies include particular dependencies. A Software Bill of Material can also be exported from these container images and source code repositories from FlexLine to be used by other systems.
FlexLine is able to create and synchronize Jira issues based upon findings from scans. When previously discovered findings are no longer present from the latest scan, FlexLine will automatically close the issue out with details about the latest scan. Each application scanned by FlexLine can be configured with its Jira project key so that new issues created by FlexLine show up in the correct project and backlog.
FlexLine provides the numerous reports which can be viewed within the web application or scheduled to be delivered via. email as a PDF. Some of the reports included: Stale Container Report, Scan Activity, Findings, Overdue Findings, Stale Materials, Nexus Synchronization, Jira Synchronization, and Risky Vulnerabilities.
Organizations are overwhelmed by the number of vulnerabilities reported on their software. Vulnerability severity is an important prioritization metric but isn't always an indicator of which vulnerabilities are at the greatest risk of being exploited. FlexLine provides a number of metrics in addition to severity that organizations can pick an choose in order to establish their risk and priority profile including Exploit Prediction System and CISA Known Exploited Vulnerabilities Catalog.
FlexLine provides a number of scanning tools to ensure the quality of your application before updates are published to live environments. New vulnerabilities will often be discovered after an application update is released that did not show up in the initial scan. It's important to continually scan your application after go-live to be notified when these vulnerabilities are revealed. All scans within FlexLine can scheduled to execute automatically on a recurring basis.
When new vulnerabilities are published and discovered in your applications it can be important that stakeholders are made aware of this as soon as possible. FlexLine can be configured to send out alerts of new vulnerabilities that meet a certain threshold to both email and Slack channel.
FlexLine provides a full featured REST based API that can be used to systematically access all its functionality. This allows FlexLine to easily be integrated with your CI/CD pipeline or other systems of interests.
FlexLine provides a consistent and unified results view of all the supported scan types. The results of a scan can easily be exported as a PDF or Excel spreadsheet for use with other systems.
FlexLine provides a number of metrics to order and prioritize vulnerability remediation including, CVSS Score & Severity, EPSS Score, Analyzer Confidence, and Known Exploited Vulnerability.
FlexLine provides an intuitive CVSS calculator for Common Vulnerability Scoring System 2 and 3 vectors to perform environmental and temporal scoring on a Software Composition Analysis finding. This calculator can be used to override the base score for vulnerabilities to make the severity rating more accurate in the current environment.
Materials (artifacts and/or libraries) identified in container images from Software Composition Analysis scans can be searched on within the FlexLine web interface to quickly identify which containers or code repositories have dependencies on certain packages or libraries.
A report that shows container repository findings based upon a detailed search criteria.
FlexLine uses a custom Document Object Model (DOM) based web spider for all Dynamic Application Security Testing and usability-based scans. This spider works on Single Page Applications where all browser content is generated on the client side as well as more traditional server-side generated applications.
This report details all active vulnerabilities that have an Exploit Prediction Scoring System score of 50% or more and a CVSS severity of Medium or higher. This report also includes details from CISA’s Known Exploited Vulnerabilities catalog.
The VA's Mobile Application Program (MAP) uses FlexLine for security scanning of their Veteran and Staff mobile and web applications.
FlexLine is built by TekFive. We'd love to meet with you sometime to demonstrate FlexLine and discuss how FlexLine might work for your organization. To schedule a time, please send an email to the address below.