AppControl Repository
The AppControl Repository is a centralized database maintained by Blue Storm that contains information on vulnerabilities, component versions, and log solutions. It is updated both manually and automatically to ensure accuracy and completeness.
Data Sources and Updates
The repository is automatically updated with new information from the following sources every 24 hours:
Sonatype OSS Index – A widely used database for open-source component vulnerabilities.
Siemens Security Advisory List – Provides security advisories relevant to Mendix components.
Mendix Marketplace – Contains information about available Mendix components and their versions.
Maven Repository – A widely used repository for Java dependencies, including Mendix-related components.
Component Detection and Identification
AppControl detects the components used in applications through:
Component Metadata Analysis: Extracting metadata from application files to identify used components.
File Fingerprinting: Generating SHA1 hashes of files and comparing them to known components in the repository.
To improve component detection, AppControl shares anonymous fingerprinting information with Blue Storm. If an unidentified component is detected, Blue Storm support is notified to manually analyze and classify the component.
Repository Synchronization
Each customer instance of AppControl synchronizes with the central repository once per day to ensure it has the latest information for policy checks and compliance monitoring.
Last updated