IAST troubleshooting re-writes #19330
base: develop
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
--- | ||
title: Application stability issue | ||
tags: | ||
- IAST | ||
- New Relic IAST | ||
- Troubleshooting | ||
metaDescription: Troubleshoot application stability issues in New Relic platform. | ||
freshnessValidatedDate: 2024-07-16 | ||
--- | ||
|
||
## Problem | ||
|
||
Your application isn't stable during high traffic and you are facing latency issues. | ||
|
||
## Solution | ||
|
||
When there is high traffic, your application may show some latency for some time as part of IAST. This should resolve within a few minutes after it finishes IAST. | ||
|
||
You can also check the snapshot log file in the `nr-security-home/logs/snapshots` folder. The log file shows you the status of the security agent, resource usage, and the last five errors. |
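Review bot: The Solution paragraph gives the reader nothing to act on, and "This should resolve within a few minutes after it finishes IAST" leaves "it" ambiguous. State what finishes (the IAST analysis) and what the reader should do if latency continues past that window. The snapshot log sentence would be more useful if it said what `nr-security-home` is relative to and which status or resource-usage entries point to a problem. The metaDescription also says "in New Relic platform" while the page is specific to IAST.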
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
--- | ||
title: No vulnerabilities detected for Golang application | ||
tags: | ||
- IAST | ||
- New Relic IAST | ||
- Troubleshooting | ||
metaDescription: Troubleshoot Golang application if no vulnerabilities are detected. | ||
freshnessValidatedDate: 2024-07-16 | ||
--- | ||
|
||
## Problem | ||
|
||
You don't see any vulnerability for your Golang application. | ||
|
||
## Solution | ||
|
||
For Golang, ensure that you imported the required instrumentation packages of libraries and frameworks. | ||
|
||
For example, your application is using libraries for [Mongo DB](http://go.mongodb.org/mongo-driver/mongo), then you must import this [instrumentation package](https://github.com/newrelic/csec-go-agent/tree/main/instrumentation/csec_mongodb_mongo) from New Relic: | ||
|
||
``` | ||
import ( | ||
"github.com/newrelic/go-agent/v3/integrations/nrsecurityagent" | ||
"github.com/newrelic/go-agent/v3/newrelic" | ||
"github.com/newrelic/csec-go-agent/instrumentation/csec_mongodb_mongo" | ||
"go.mongodb.org/mongo-driver/mongo" | ||
) | ||
``` | ||
|
||
Depending the requirements of your package, you may have to import additional packages. Check our [list of supported packages](https://github.com/newrelic/csec-go-agent#instrumentation-packages). | ||
|
||
Also, make sure you imported the corresponding [package](https://github.com/newrelic/go-agent?tab=readme-ov-file#service-frameworks) for each module. | ||
|
||
- For HTTP protocol endpoint, use the following `newrelic.WrapListen` function to enable vulnerability scanning against the endpoint: | ||
|
||
``` | ||
http.ListenAndServe(newrelic.WrapListen(":<YOUR PORT NUMBER>"), nil) | ||
``` | ||
|
||
<Callout variant="important"> | ||
You can skip this step if you're on a Linux environment. | ||
</Callout> | ||
|
||
- For a specific case of outbound HTTP request or calls to external services, you need to [update your application method](/docs/apm/agents/go-agent/instrumentation/instrument-go-segments/#go-external-segments). |
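Review bot: The import example lists `nrsecurityagent` and `csec_mongodb_mongo` as plain imports, and Go refuses to compile a file whose imports are never referenced, so a reader who pastes the block as written and does not call into those packages gets a build error. If the instrumentation package is meant to be imported only for its side effects, show it with a blank identifier (`_ "github.com/newrelic/csec-go-agent/instrumentation/csec_mongodb_mongo"`); otherwise show where each package is used. Smaller points in the same hunk: "Depending the requirements" is missing "on", "Mongo DB" should be "MongoDB", the MongoDB driver link uses `http://`, both code fences lack a `go` language tag, and the Callout sits between the two bullets, so it is unclear whether "this step" means the `newrelic.WrapListen` bullet above it or the outbound-request bullet below.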
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
--- | ||
title: Unable to find known vulnerabilities | ||
tags: | ||
- IAST | ||
- New Relic IAST | ||
- Troubleshooting | ||
metaDescription: Unable to find known vulnerabilities | ||
freshnessValidatedDate: 2024-07-16 | ||
--- | ||
|
||
## Problem | ||
|
||
I tested an application with known vulnerabilities, but IAST couldn't detect any vulnerability. | ||
Check warning on line 13 in src/content/docs/iast/troubleshooting/unable-to-find-known-vulnerabilities.mdx GitHub Actions / vale[vale] src/content/docs/iast/troubleshooting/unable-to-find-known-vulnerabilities.mdx#L13
|
||
|
||
|
||
## Solution | ||
|
||
IAST starts testing when it detects some traffic, so check if your application starts or has any traffic directed at it. Perform the app's UI or API endpoints. | ||
IAST starts when |
||
Also, IAST requires restarting the application after it's enabled. | ||
|
||
|
||
Ensure that you are using a [supported application framework](https://docs.newrelic.com/docs/new-relic-solutions/new-relic-one/install-configure/compatibility-requirements-new-relic-agents-products/) and the [latest instrumentation package](https://github.com/newrelic/csec-go-agent#instrumentation-packages) for your application. | ||
|
||
|
||
## Cause | ||
|
||
These are the possible reasons IAST isn't detecting any known vulnerabilities: | ||
|
||
- IAST doesn't support application framework. | ||
|
||
- There is no instrumentation for the module. | ||
|
||
- The agent hasn't been restarted after IAST has been installed or configured. | ||
|
||
- No traffic is detected. |
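Review bot: The Solution and Cause sections disagree on what needs restarting: the Solution says "IAST requires restarting the application after it's enabled", while the Cause list says "The agent hasn't been restarted". Pick one and use it in both places, since a reader following the Cause wording may restart the wrong thing. The "latest instrumentation package" link points to the Go-specific `csec-go-agent` repository although this page is not Go-specific, so either scope the sentence to Go or link a language-neutral list. "Perform the app's UI or API endpoints" is missing its meaning (something like "Exercise the app's UI or call its API endpoints"), and "IAST doesn't support application framework" needs an article. Consider placing Cause before Solution so the reader sees the reasons before the fixes.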
The use of first person is inconsistent with the other "Problem" sections