feat(iast): added draft content per hero request

newrelic · Jun 6, 2023 · 01753b8 · 01753b8
1 parent c18cdcd
commit 01753b8
Showing 1 changed file with 43 additions and 0 deletions.
diff --git a/src/content/docs/iast/use-iast.mdx b/src/content/docs/iast/use-iast.mdx
@@ -258,4 +258,47 @@ SELECT * FROM Vulnerability WHERE issueType = 'Application Vulnerability' AND ap
 
     </Collapser>
 
+    <Collapser
+    id="random-files"
+    title="I see random files/directories in my application directory."
+>
+    Yes, it is expected to see the random files/directories being generated if your application has the functionality to create files/directories as part of serving the HTTP request, IAST engine will try to probe the code path and hence create such files. The files which are created by application code under the influence of incoming HTTP requests cannot be deleted by the agent.
+
+    If you are sure that none of your APIs can create files/directories, please share your application's configuration and logs with our support team at support.newrelic.com.
+
+    </Collapser>
+
+    <Collapser
+    id="not-responding"
+    title="My application is not responding/crashed in the IAST testing."
+>
+    It is possible to see such behavior because as a part of IAST analysis, as the security agent sends new request to the application and that increases the load resulting in increase in resource utilization. This IAST analysis can also expose uncaught error/exception in your application.
+
+    If the application has crashed due to resources, please increase the resources and restart the application and perform IAST testing.
+
+    </Collapser>
+
+    <Collapser
+    id="golang-vuln"
+    title="My Golang application vulnerability is not being detected."
+>
+For Golang, make sure that you have imported the required instrumentation packages for the libraries and frameworks that your application is using.
+
+For instance, let's suppose that your application is using the following library:
+https://github.com/robertkrimen/otto
+
+For this, you need to import the following instrumentation package:
+github.com/newrelic/csec-go-agent/instrumentation/csec_robertkrimen_otto
+
+    </Collapser>
+
+    <Collapser
+    id="not-see"
+    title="I'm not able to see all the expected vulnerabilities for my application running in Windows environment."
+>
+Currently it is expected to miss some vulnerabilities in the windows environment as it is not fully supported at the moment.
+
+WARNING: IAST must only be used in the pre-prod environment
+
+    </Collapser>
 </CollapserGroup>