Roles and workflows

Learn about different ASoC tasks and workflows for different authorized ASoC users with a valid subscription.

ASoC Roles

Not all ASoC functions and tasks are performed by the same person – though they could be. Ensure the persons performing ASoC tasks have the appropriate permissions on relevant systems and according to company policy for their roles.

Administrative tasks

Administrative tasks are higher-level tasks that enable users to run and report on scans seamlessly within organizational policy and guidelines. Administrator tasks include, but may not be limited to:

  • Managing the ASoC subscription
  • Defining and administering users
  • Defining and administering asset groups
  • Defining and administering policies
  • Setting up DevOps integrations
  • Overseeing audits
  • Regularly reviewing ASoC operation and settings

User tasks

User tasks are core scanning and remediation tasks. With administrative tasks complete, users can focus on making sure code is clean and secure. User tasks include, but may not be limited to:

  • Creating applications
  • Setting up scans
  • Configuring scan automation
  • Running scans
  • Working with logs
  • Triaging scan results
  • Understanding issues
  • Running reports
  • Remediating code
  • Rescanning

General workflows

How you work within your organization depends on a variety of factors. However there are some common workflows:

ASoC administrator workflow

ASoC user workflow