About Forces status delay for Integrates Exploits

What happened

On April 21th, 2020, an Integrates exploit had an incorrect status with respect to Integrates.

This happened because Forces deployments were only triggered by the following causes:

  • When a new exploit is added
  • When an old exploit is improved
  • When an old exploit is deleted
  • When secrets are modified/rotated
  • When a finding has its treatment updated on Integrates
  • Every 48 hours

And we were missing the following events, some of them are new Integrates functionality:

  • When a finding is re-attacked on Integrates (formerly verification request)
  • When a finding description is updated
  • When a finding gets its treatment updated
  • When a finding is deleted
  • When a draft-finding is approved and released to the customer
  • When a vulnerability reported via API is approved and released to the customer
  • When a vulnerability has its treatment updated
  • When a vulnerability is re-attacked on Integrates (formerly verification request)
  • When a vulnerability is deleted, added or updated

What we’ve done

We solved the problem in 1785be8 making all current actions that modify the state of findings and vulnerabilities trigger a Forces deployment for the owner subscription

What’s the impact

We received one incident via e-mail from one of our customers