Group Management
Vigiles offers a collaborative group structure that makes it easier to work within teams (internal and external) while letting you restrict each user's access on a need-to-know basis. The group structure is as follows:
- Organization: The highest level of a group; e.g. a whole company structure
  - Organizations can only contain groups. To create a folder, a group must be created first.
- Group: The second-highest level of group. A group can contain both subgroups and folders; e.g. a division or department of a company
  - A primary group can have both folders and subgroups.
- Subgroup: One of the final levels of grouping; e.g. a project or an organization team.
  - A subgroup can be further divided into more subgroups or into folders.
- Folders: Another final level of grouping; e.g. a group's release folder.
  - Folders can only contain subfolders and cannot contain a group or subgroup.
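As an added illustration (example code, not part of Vigiles or its documentation), the containment rules above can be modelled as a small tree whose insert operation refuses any nesting the structure does not allow. The node kinds, the sample organization tree and the function names are assumptions made for this example.

```python
# Added example (not Vigiles code): a small model of the group hierarchy described
# above, enforcing the containment rules at insertion time.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List

# Which kinds may be nested inside which, per the description above.
ALLOWED_CHILDREN: Dict[str, FrozenSet[str]] = {
    "organization": frozenset({"group"}),            # organizations hold groups only
    "group": frozenset({"subgroup", "folder"}),
    "subgroup": frozenset({"subgroup", "folder"}),
    "folder": frozenset({"folder"}),                 # subfolders only, never (sub)groups
}


@dataclass
class Node:
    kind: str
    name: str
    children: List["Node"] = field(default_factory=list)

    def add(self, kind: str, name: str) -> "Node":
        """Attach a child node, refusing kinds this parent may not contain."""
        if kind not in ALLOWED_CHILDREN[self.kind]:
            raise ValueError(f"a {self.kind} cannot contain a {kind}")
        child = Node(kind, name)
        self.children.append(child)
        return child


def paths(node: Node, prefix: str = "") -> List[str]:
    """Every node's path from the organization down, depth-first."""
    here = f"{prefix}/{node.name}"
    out = [f"{here} ({node.kind})"]
    for child in node.children:
        out.extend(paths(child, here))
    return out


def build_example() -> Node:
    """Constructed sample tree (hypothetical names) following the page's structure."""
    org = Node("organization", "acme")
    eng = org.add("group", "engineering")
    proj = eng.add("subgroup", "project-x")
    proj.add("folder", "releases").add("folder", "v1")
    eng.add("folder", "shared")
    return org


if __name__ == "__main__":
    for line in paths(build_example()):
        print(line)
```

Running the block prints the six paths of the sample tree; trying to add a folder directly under the organization, or a subgroup under a folder, raises `ValueError`, which mirrors the rule that a folder must be created inside a group.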
Organization
The Organization is at the top of the group structure, and serves as the object that most users will get their permissions from. Inside an organization, you can have varied levels of groups, subgroups, folders and sub-folders, and are able to grant or revoke permission to view, modify, or delete these substructures inside the "Organization Members" page if you are a site-wide admin, or an organization admin.
Group and Subgroup Dashboard
The Group/Subgroup Dashboard is the primary storage location for both SBOMs and folders. Subgroups are displayed on the left side of the Group Dashboard in the "Subgroups" section, with folders and SBOMs displayed in the main section on the right. From here you can create and upload a new SBOM using the "+" button in the Group Dashboard header. To view an existing SBOM, click its name to open the SBOM Dashboard, or click the "Latest" button to view the SBOM's latest Vulnerability Report.
Folders and Subfolders
Folders act as a location to store similar SBOMs. This could be a group of SBOMs that, when viewed together, indicate a group or a revision. Folders are able to contain subfolders, but are not able to contain subgroups.
Folder Actions
You are able to manipulate and modify folders by navigating to the group that contains the folder and selecting the three vertical dots under the "Actions" column. Below is a list of the actions and their functions.
- Delete folder - This action will wipe the entire contents of the folder
- Move folder - Here you can choose to move the folder from one group to another. You can choose to copy the folder, the SBOM Linking settings, and the alert settings, rather than move the contents.
- Rename folder or folder Description - Renames the folder or folder description.
- Download Dashboard Config - This allows you to download a file to use with various Timesys tools such as Meta-Timesys, Vigiles Buildroot, Vigiles OpenWrt or the Vigiles CLI. For more information please see the Meta-Timesys Documentation
- Folder Settings - Here you can download the above dashboard config, or select/deselect SBOM Linking
- Alert Settings - This will take you to the Folder Compliance Settings
Private Workspaces
The private workspace is a default group that every user will have automatically. This is a personal group that is not shared between users. Here is where SBOMs uploaded via our build system tools or the Vigiles CLI will go by default. There is limited functionality in this group. You will not be able to add members, create subgroups, create folders or set compliance settings.
Member Management
Members and their roles can be edited from the Members page. To access this page, first, select the desired group/subgroup from the groups dashboard and then click the "Members" button on the side navigation bar.
Add/Remove members in an organization
Only admins can add or remove members from organizations.
To add a member to an organization:
- Switch to the desired organization by selecting it from the dropdown in the top navigation bar
- Click "Organization members" in the sidenav on the Vigiles home page (endpoint: /groups)
- Select the user from the dropdown in the "Add members" subsection (endpoint: /groups/<id>/members)
- Select the role that the new user should have for this group and click "Add user"
- The roles that can be added are:
  - Organization Admin
  - Maintainer
  - Developer
  - Guest
- View the permissions matrix for a better breakdown of what these roles can do.
Added members can be viewed in the "Current Members" sub-section.
To remove a member from an organization, click on the remove icon in the action column of the table in the "Current Members" sub-section.
Add/Remove members in a group/subgroup
Users can add/remove the members in groups only if the user is given "Maintainer" privileges for the current group or "Organization Admin" privileges to the organization at-large.
To add a member to a group:
- Click "Members" in the sidenav of the group's home page (endpoint: /groups/<id>)
- Select the user from the dropdown in the "Add members" subsection (endpoint: /groups/<id>/members)
- Select the role the user should have for this group and click "Add user"
Change member role
Members are assigned a role while adding users to the group, which can be changed later on the Members page.
To update the member's role:
- Go to the Members page for the group
- Select the role for the member user in the role column of the "Current Members" sub-section.
- Changes will be saved automatically
Add, Remove, or Archive Groups
Groups can be added/removed/archived by a user with "Admin", "Organization Admin" or "Maintainer" privileges.
Add/remove an organization
Organizations can be added/removed only by an Admin user.
To add an organization:
- Navigate to the Admin Dashboard (endpoint: /admin/)
- Click on the "+ Add" sidenav menu item
- Enter the organization name and click "Create"
To remove an organization:
- From the top right navigation bar go to the Admin dashboard.
- Click on the "X" icon to remove an organization
Add/remove group
A group can be added/removed by a user with "Maintainer" privileges for the group.
To add a group:
- On the Vigiles home page click the "Create Group" link on the left-side navigation bar
To remove a group:
- On the Vigiles home page click the "X" icon on the actions column in the Groups table.
Add/remove subgroup
A subgroup can be added/removed by a user with "Maintainer" privileges for the subgroup.
To add a subgroup:
- On the groups dashboard click the "+" icon on the subgroups subsection
To remove a subgroup:
- On the groups page click "..." against the subgroup to be removed on the subgroup's subsection
- Select "Delete Subgroup" from the dropdown.
Add/remove a folder
To add a folder:
- Select a subgroup if you would like to create a folder there
- Click "+" dropdown icon on SBOM subsection
- Select the New Folder option from the dropdown
To remove a folder:
- On Groups Dashboard click "..." against the folder to be removed.
- Click "Delete Folder" from the dropdown.
Archive/Unarchive a group
Groups can be archived by a user with "Maintainer" or higher privileges for the group. Archiving a group makes it read-only. Content inside an archived group, such as subgroups, folders, SBOM dashboards, reports, group settings, and compliance settings, can still be viewed, but any action within those pages will be disabled. The ability to delete a top-level group will remain, as will the ability to add and remove members from the group. To perform any other action within the group, you will need to unarchive it first.
The Vigiles home page has an "Active" and "Archived" tab. Archived groups will be listed under the "Archived" tab.
To archive a group:
- On the Vigiles home page under the "Active" tab, click the "Archive group" option under the actions column
- You can also archive groups in bulk. On the Vigiles home page under the "Active" tab, choose the groups you wish to archive by selecting the checkbox on the left hand side of the groups table. A "Bulk Actions" menu will appear on the right hand side of the page where you will find the option to archive the groups.
To unarchive a group:
- On the Vigiles home page under the "Archived" tab, click the "Unarchive group" option under the actions column
- To unarchive groups in bulk, select the "Archived" tab, then choose the groups you wish to unarchive by selecting the checkbox on the left hand side of the groups table. A "Bulk Actions" menu will appear on the right hand side of the page where you will find the option to unarchive the groups.
Manage Group settings
Group settings can be managed by a user with "Admin", "Organization Admin" or "Maintainer" privileges.
Select Vulnerability identifiers
Vigiles allows users to customize how vulnerabilities are matched in CVE scans by selecting specific identifiers. One or more of the following identifiers can be selected:
- CPE
- PURL
- CVE Product
- Package Name
To select the vulnerability identifiers:
- On the group page, click the "Group settings" option in the sidenav bar
- Select one or more identifiers from the "Select vulnerability identifiers" dropdown
- Save the settings
Note: CPE, PURL and CVE Product are selected by default.
If the selected identifiers are not found for a package in the SBOM, it will be excluded from the vulnerability search.
This option does not apply to CSV SBOM, as it only includes package name, which is then used for vulnerability matching.
Strict Vulnerability match
Vigiles also allows users to set strict vulnerability matching. When enabled, this option matches vulnerabilities against the product vendor together with the vulnerability identifier.
To enable/disable strict matching:
- On the group page, click the "Group settings" option in the sidenav bar
- Check the "Enable strict vulnerability matching" option to enable strict vulnerability matching
- Save the settings
Note: This option is enabled by default.
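The two settings above (identifier selection, including the exclusion of packages that carry none of the selected identifiers and the CSV special case, and strict vendor matching) can be illustrated with a small matching function. This is an added example and not Vigiles' own matching code; the package and advisory field names, the sample data, and the reading of "strict" as "identifier and vendor must both match" are assumptions made for the illustration.

```python
# Added example (not Vigiles code): the semantics of the "Select vulnerability
# identifiers" and "Strict vulnerability match" group settings described above.
# Field names, sample data and the exact matching rule are assumptions.
from typing import Dict, List, Optional, Sequence, Tuple

# The four selectable identifiers; the first three are the page's defaults.
ALL_IDENTIFIERS = ("cpe", "purl", "cve_product", "package_name")
DEFAULT_IDENTIFIERS = ("cpe", "purl", "cve_product")


def matching_keys(package: Dict[str, Optional[str]], selected: Sequence[str],
                  sbom_format: str = "spdx") -> List[Tuple[str, str]]:
    """(identifier, value) pairs usable to look this package up.

    An empty result means the package is excluded from the vulnerability search,
    because none of the selected identifiers is present on it.
    CSV SBOMs only carry a package name, so the selection does not apply to them.
    """
    if sbom_format == "csv":
        name = package.get("package_name")
        return [("package_name", name)] if name else []
    return [(ident, package[ident]) for ident in selected if package.get(ident)]


def vulnerability_applies(package: Dict[str, Optional[str]], advisory: Dict[str, Optional[str]],
                          selected: Sequence[str] = DEFAULT_IDENTIFIERS,
                          strict: bool = True, sbom_format: str = "spdx") -> bool:
    """Does the advisory apply to the package under the given group settings?

    With strict matching on, the advisory's vendor must equal the package's vendor
    in addition to one selected identifier matching (assumed reading of "strict").
    """
    for ident, value in matching_keys(package, selected, sbom_format):
        if advisory.get(ident) != value:
            continue
        if strict and advisory.get("vendor") != package.get("vendor"):
            continue
        return True
    return False


# Constructed sample data (hypothetical package records and advisories, not real ones).
PKG = {"package_name": "zlib", "vendor": "zlib",
       "cpe": "cpe:2.3:a:zlib:zlib:1.2.11:*:*:*:*:*:*:*", "purl": None, "cve_product": "zlib"}
NAME_ONLY_PKG = {"package_name": "zlib", "vendor": None, "cpe": None, "purl": None, "cve_product": None}
ADVISORY_SAME_VENDOR = {"id": "EXAMPLE-0001", "cpe": PKG["cpe"], "cve_product": "zlib", "vendor": "zlib"}
ADVISORY_OTHER_VENDOR = {"id": "EXAMPLE-0002", "cve_product": "zlib", "vendor": "other-vendor"}
NAME_ONLY_ADVISORY = {"id": "EXAMPLE-0003", "package_name": "zlib", "vendor": None}


def demo() -> Dict[str, bool]:
    """Each key names the behaviour from the page that the value demonstrates."""
    return {
        # default identifiers, same vendor: matched
        "default_match": vulnerability_applies(PKG, ADVISORY_SAME_VENDOR),
        # package carries none of the default identifiers: excluded from the search
        "name_only_excluded": vulnerability_applies(NAME_ONLY_PKG, ADVISORY_SAME_VENDOR),
        # adding "Package Name" to the selection brings it back in
        "name_only_with_package_name": vulnerability_applies(
            NAME_ONLY_PKG, NAME_ONLY_ADVISORY, selected=ALL_IDENTIFIERS),
        # strict matching rejects an identifier hit whose vendor differs
        "strict_blocks_vendor_mismatch": vulnerability_applies(PKG, ADVISORY_OTHER_VENDOR),
        # with strict matching off the identifier alone is enough
        "loose_allows_vendor_mismatch": vulnerability_applies(PKG, ADVISORY_OTHER_VENDOR, strict=False),
        # CSV SBOMs are always matched on package name, whatever is selected
        "csv_uses_package_name": vulnerability_applies(
            NAME_ONLY_PKG, NAME_ONLY_ADVISORY, sbom_format="csv"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The practical point the example makes is the trade-off the settings encode: narrowing the selected identifiers or enabling strict matching reduces false positives, but a package that lacks every selected identifier silently drops out of the search, so an SBOM with poor CPE/PURL coverage should be reviewed for such exclusions rather than assumed clean.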
Admin Dashboard
The Admin Dashboard is available only to Admins. This dashboard allows for both user and organization management.
Organizations
This page shows a list of all organizations. This page provides links to the organizations as well as the ability to rename and delete them.
Users
This page shows a list of all users and their status. A user's status (Admin or Regular) can be toggled here, and users can be modified or deleted.
Register User
Admins can add new users from this page.
Deleting a User
To delete a user you will need to navigate to the Users page on the admin dashboard. From here you can click the "..." under the "Actions" column. Selecting "Delete User" will bring up a modal that allows you to reassign private workspaces, and any other object that the user currently owns. You can only reassign to users who are already added to the organization or have the "Admin" role in Vigiles.
Single Sign-on (SSO)
Companies that use identity management systems can leverage SSO, and have employees sign in to Vigiles using their corporate identity. This facilitates easy provisioning of Vigiles to users. Vigiles Enterprise currently supports Azure AD and Okta as Identity Providers (IdP) for SAML SSO.
To use this feature, set the flag "enabled" to True in the [SSO] section of your Settings.ini file.
Role-Based Access Control
Vigiles Enterprise provides five different types of members/users:
1. Admin
2. Organization Admin
3. Maintainer
4. Developer
5. Guest
A user assigned the Guest role has the least permissions, and a user assigned the Admin role has the most.
The Guest, Developer, and Maintainer roles are all assigned at the group level, while the Admin role is site-wide. Only users with the Admin role can manage the Vigiles instance, organizations, and users.
Permissions
The following table describes the permissions granted by each role.
| Action | Admin | Organization Admin | Maintainer | Developer | Guest |
|---|---|---|---|---|---|
| Organization Management | ✓ | ✓ | | | |
| Create Organization | ✓ | | | | |
| Create Groups | ✓ | ✓ | ✓ | | |
| Move Groups | ✓ | ✓ | ✓ | | |
| Rename Groups | ✓ | ✓ | ✓ | | |
| Delete Groups | ✓ | ✓ | ✓ | | |
| Archive Groups | ✓ | ✓ | ✓ | | |
| Change Group Settings | ✓ | ✓ | ✓ | | |
| Group Management | ✓ | ✓ | ✓ | ✓ | |
| Upload SBOMs | ✓ | ✓ | ✓ | ✓ | |
| Download SBOMs | ✓ | ✓ | ✓ | ✓ | ✓ |
| Generate CVE Reports | ✓ | ✓ | ✓ | ✓ | |
| Use Notes | ✓ | ✓ | ✓ | ✓ | |
| Use Filters | ✓ | ✓ | ✓ | ✓ | |
| View Vigiles Pages | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Documentation | ✓ | ✓ | ✓ | ✓ | ✓ |
| View Reports | ✓ | ✓ | ✓ | ✓ | ✓ |
| Export Reports | ✓ | ✓ | ✓ | ✓ | ✓ |
| Search Vulnerabilities | ✓ | ✓ | ✓ | ✓ | ✓ |
| Compare SBOMs | ✓ | ✓ | ✓ | ✓ | |
| Access Jira Integration | ✓ | ✓ | ✓ | ✓ | |
| Modify or Add Compliance Settings | ✓ | ✓ | ✓ | ✓ | |
| Search SBOMs | ✓ | ✓ | ✓ | ✓ | |
| View SBOM History | ✓ | ✓ | ✓ | ✓ | |
| Add or Remove Users to or from Groups | ✓ | ✓ | ✓ | | |
| See Users in a Group | ✓ | ✓ | ✓ | | |
| Add or Remove Users from Instance | ✓ | | | | |
| Modify a User's Information | ✓ | | | | |
| Edit Vigiles Instance Settings | ✓ | | | | |
| Access Vigiles API | ✓ | ✓ | ✓ | ✓ | |
| Add or Remove Users from Organization | ✓ | ✓ | | | |
| View Activity Log | ✓ | ✓ | ✓ | ✓ | |
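As an added example (not Vigiles' own authorization code), the matrix can be held as data and checked programmatically: a fail-closed role check, a resolver for the role a user effectively holds in one group, and a least-privilege sanity check that each role's permissions are a superset of the role below it, which is the property the text claims when it says Guest has the least permissions and Admin the most. Only a subset of the rows is encoded; the precedence rule in `effective_role` (site Admin, then Organization Admin, then the group-level role) is an assumption drawn from the member-management sections above.

```python
# Added example (not Vigiles code): the permission matrix encoded as data, with a
# role check, an effective-role resolver and a monotonicity check over the role order.
from typing import Dict, FrozenSet, List, Optional, Tuple

# Roles from least to most privileged, as stated on the page.
ROLE_ORDER = ("Guest", "Developer", "Maintainer", "Organization Admin", "Admin")

# A subset of the page's matrix rows: each action maps to the roles that hold it.
MATRIX: Dict[str, FrozenSet[str]] = {
    "Create Organization": frozenset({"Admin"}),
    "Add or Remove Users from Instance": frozenset({"Admin"}),
    "Add or Remove Users from Organization": frozenset({"Admin", "Organization Admin"}),
    "Create Groups": frozenset({"Admin", "Organization Admin", "Maintainer"}),
    "Add or Remove Users to or from Groups": frozenset({"Admin", "Organization Admin", "Maintainer"}),
    "Upload SBOMs": frozenset({"Admin", "Organization Admin", "Maintainer", "Developer"}),
    "Access Vigiles API": frozenset({"Admin", "Organization Admin", "Maintainer", "Developer"}),
    "Download SBOMs": frozenset(ROLE_ORDER),
    "View Reports": frozenset(ROLE_ORDER),
}


def can(role: Optional[str], action: str) -> bool:
    """True if the role holds the action; unknown actions and no role are denied (fail closed)."""
    return role is not None and role in MATRIX.get(action, frozenset())


def effective_role(site_admin: bool, org_admin: bool, group_role: Optional[str]) -> Optional[str]:
    """Role used for a check inside one group (assumed precedence: Admin is site-wide,
    Organization Admin applies to every group of the organization, otherwise the
    group-level role; None means the user is not a member of that group)."""
    if site_admin:
        return "Admin"
    if org_admin:
        return "Organization Admin"
    return group_role


def permissions_of(role: str) -> FrozenSet[str]:
    """All actions the role may perform, derived from the matrix."""
    return frozenset(action for action, roles in MATRIX.items() if role in roles)


def verify_monotone(matrix: Dict[str, FrozenSet[str]] = MATRIX) -> List[Tuple[str, str, str]]:
    """Moving one step up ROLE_ORDER must never lose a permission.
    Returns (action, lower_role, higher_role) triples for every violation; empty means OK."""
    violations = []
    for lower, higher in zip(ROLE_ORDER, ROLE_ORDER[1:]):
        for action, roles in matrix.items():
            if lower in roles and higher not in roles:
                violations.append((action, lower, higher))
    return violations


if __name__ == "__main__":
    for role in ROLE_ORDER:
        print(f"{role}: {sorted(permissions_of(role))}")
    print("violations:", verify_monotone())
```

The monotonicity check is the kind of guard worth keeping next to any hand-maintained permission table: a later edit that grants an action to Developer but forgets Maintainer would surface here as a violation rather than as a confusing denial in production.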