Environment Config

Traceable allows you to enable API security testing (AST) and replays for the available environments. This helps when you do not wish to run scans on specific environments or reduce costs by turning off replays. For example, if the production environment contains critical data, you can disable AST for that environment to prevent unintentional testing by other users. Once disabled, you cannot create suites or run scans on this environment. However, you can always view the history of scans executed on the environment from the Suites page under Testing → Security Testing.

Note

Only users with the Security admin role can modify the settings on this page. For more information about different roles, see Team and roles - RBAC.

In the Traceable platform, click on Testing → Settings → Environment Config to access the available environments and their available control options. The following section explains the various components on this page, along with their description:

• Environment — This lists all the environments available in your account. By default, 50 environments are listed on a page.

• AST Status — This option allows you to turn testing on or off in the corresponding environment. To do this, click on Enabled/Disabled which is visible in the AST Status column corresponding to the respective Environment name. If you enable AST, you can create a suite or a quick scan of the environment from the Suites section and vice versa. If you disable it, you can only view scans that have been previously created.

• Replay Status — This turns replays on or off for the corresponding environment. To do this, click on Enabled/Disabled which is visible in the Replay Status column corresponding to the respective Environment name. If you enable replays, the XAST Replay option is enabled when creating a suite or a quick scan on the Suites page and vice versa. Also, if enabled, you can choose to add conditions for including traffic according to your requirements.

  Note

  Enabling this option, further, using XAST Replays in scans may result in additional costs at your end as XAST Replays are long-running tasks that require additional resources as compared to other traffic types.

• Stored APIS — Lists the number of APIs from the corresponding environment for which data is stored. This stored data runs scans when you select XAST Replay as the Traffic type while creating a suite or a quick scan. You can click on the number in this cell to view the list of APIs for which AST has stored data.

  Note

  A blank cell represents that no data has been stored for the APIs in the corresponding environment.

By default, the Environment Config page lists 50 environments. You can click Next at the bottom of the page to view the other environments (if any). You can also change the number of environments visible on this page by clicking on the number in Show <Number> per page.