Multi-version support
The security dashboard supports running security tests across multiple versions of your app. You can detect the same issue across your test and live versions separately, and track the resolution status for each one independently.
In addition to the native test and live versions, you can also add custom staging branches for even more flexibility.
How do I enable or disable versions?
By default, only the Live and Main branches are included in security tests. To add or remove versions, go to Security > Tools & Settings > Versions in your security dashboard.
You can also open the settings directly:
How do I add a custom branch?
By default, the security dashboard tests the test/development and live versions of your app. To add a custom staging branch:
Open the Tools & More tab from your dashboard
Select the Versions card
You'll see both the versions already added and the available versions you can add
Click Add next to the version you want to include in tests
Changes to version settings may take a few hours to propagate, especially when removing a version.
Reviewing page sensitivity
Every time a new page is added to your app, you'll be prompted to review its sensitivity. Keeping these ratings accurate gives you:
More relevant alerts when a vulnerability is found
More precise issue severity ratings
Appropriate security checkpoints for each page
How the default rating is assigned
When a page is first discovered, the Predict AI automatically assigns a sensitivity rating based on the page name, the databases used within the page, and any workflow actions it contains. This AI-assigned rating persists until you set one manually.
Which rating should I assign?
As a general rule, any page you wouldn't want just anyone accessing is sensitive.
Always mark test pages as High sensitivity.
Sensitivity | Description | Examples |
๐ข Not sensitive | Pages without sensitive data or workflows, related to non-sensitive content. | Blog article, contact page |
๐ด Sensitive | Pages with always-critical data or workflows, typically administrator pages. | Admin dashboards, test pages |
Reviewing database sensitivity
Every time you add a new data type or database field to your app, you'll be prompted to review its sensitivity. Accurate ratings help the dashboard:
Alert you when potential vulnerabilities are identified
Assess issue severity more accurately
Run security checks tailored to your database
How the default rating is assigned
When a field is first discovered, the Predict AI assigns a sensitivity rating based on the field name and type. This persists until you set a rating manually.
Which rating should I assign?
Any field you wouldn't want anyone to have access to is sensitive.
Sensitivity | Content | Examples |
๐ข Not sensitive | Irrelevant information or data related to app operation. | Signup step, Blog content |
๐ด Sensitive | Personal data of your users, or highly sensitive data. | User First Name, Company Email, API Tokens, Invoice File |