Fortify, SQ, PEN, Whitelisting
Foritfy & SonarQube
For Fortify, SonarQube, Dependency Check, and Pen Test findings - the CAT team will processes these requests in Jira.
Fill out a SonarQube/Fortify Whitelist Request| Support Level | Function | Swarm? | Team | Escalation | Outage Response Time | SLA Time to Initial Response Working Hours | SLA Time to Resolved (After Initial Response) Working Hours |
|---|---|---|---|---|---|---|---|
| SCA CAT | Fortify, SonarQube, Dependency Check, and Pen Test findings | N/A | Cyber Applications Team | 0800 CST-1800 CST M-F | < 72 hours | < 16+ hours |
Trufflehog, Twistlock, & Anchore
| Support Level | Function | Swarm? | Team | Escalation | Outage Response Time | SLA Time to Initial Response Working Hours | SLA Time to Resolved (After Initial Response) Working Hours |
|---|---|---|---|---|---|---|---|
| SCA MDO | Trufflehog, Twistlock, and Anchore findings. | N/A | Mission DevOps Team | -Triaged immediately. -All submitted issues are resolved same day. -SCA issues that can be resolved in 5-15 minutes. | Immediate 0800 CST-1800 CST M-F | < 8 hours | < 3 hours |
- For Trufflehog, Twistlock, and Anchore Whitelisting - the MDO team will process these requests via the P1 help desk .