Deepfactor Pre-install Checklist

Table of Contents

The Four “I’s”: Install, Instrument, Insights, Integrations #

Deepfactor setup workflow is comprised of Four “i”s – Install, Instrument, Insights, and Integrations. Below we cover the prerequisites required to achieve these four “i”s. Please go through these ahead of your Deepfactor setup to ensure success with the product.

Install – Install the Deepfactor portal #

The Deepfactor portal is the core of the Deepfactor application. It comprises a set of services that receives telemetry data generated from the runtime process of your applications and generates insights.

Deployment of the portal is currently supported in two ways:

    1. AWS – Using a downloadable AWS CloudFormation template. 
      Pre-requisites: This requires an AWS account with an account permission to deploy:

1. One EC2 instance - m5a.2xlarge (recommended)
2. Two EBS storage devices totaling 520GB.
3. An Elastic IP (EIP) address.
  1. VMware – Deploy locally using a downloadable OVA file. 
    Pre-requisites: This requires an ESXi host or VMware cluster with:

1. Administrator permissions
2. 32GB RAM
3. 8 vCPU
4. 520GB Disk
5. A DHCP addressable space

Once complete, review the next step: Launching the Deepfactor Portal after Installation

Instrument – Configure your application to send telemetry data #

Deepfactor works with both containerized apps and traditional non-containerized apps, as long as you are running one of our supported Linux distributions mentioned in this list.

Pre-requisites:

1. Instrumentation of containers will require account access to the Docker build engine
   and possible read/write access to a repository if  image management is used. 

2. Non-containerized binary applications will require read/write access to create a new
   binary file.

 

You can get started by referencing this document:
Instrumenting your first application

Insights – Review the results #

Deepfactor provides insights using its Application Runtime Intelligence module, across three areas:

1. Know Your App
Deepfactor assesses your app’s network topology and composition, and drift between builds. This includes web services. files, network, ports, 3rd Party APIs, and libraries.

2. Know You Security
Deepfactor pinpoints security risks within your code & 3rd party code at execution time. These include:

a. Code execution risks curated by Deepfactor’s security research team.

b. AppSec policy violations.

c. OWASP risks (leveraging a one click/command headless OWASP ZAP Scans integration. Also see: ZAP Scan Q & A).

d. Runtime vulnerabilities (CVEs/CWEs/CVSS scores) in your dependencies and libraries to complement your SCA tools.

Pre-requisites: 
Use your browser to login to the DeepFactor portal and access your insights.

#

Integrations – Integrate with your DevOps pipeline & Dev tools #

Complete your setup by integrating Deepfactor into your existing toolset.

Integrating Jira with Deepfactor portal

Integrating Slack with Deepfactor portal

Pre-requisites:
You need the application administrator rights for integration.
Was this article helpful?

Powered by BetterDocs

Deepfactor Icon

Deepfactor is a developer security platform that enables engineering teams to quickly discover and resolve security vulnerabilities, supply chain risks, and compliance violations early in development and testing.

Product Pricing Resources Company Documentation Login Demo

SUBSCRIBE TO OUR NEWSLETTER!

© 2023 Deepfactor, Inc. All Rights Reserved.

Privacy Policy | Terms of Service | Open Source Disclosure