Manage Extend app security
Overview
AccelByte Gaming Services (AGS) scans all the images of your running Extend apps to identify potential vulnerabilities, ensuring they remain secure against various threats. Scans are conducted immediately after an image is uploaded, followed by periodic scans every Sunday at 00:00 UTC for all images of running Extend apps. These scans generate security reports for each application, summarizing any vulnerabilities detected during scans, including their severity and recommendations or solutions. AGS categorizes vulnerabilities based on the level of severity: low, medium, high, and critical.
This feature aims to keep you updated of your Extend apps' security status, enabling you to make knowledgeable decisions about necessary updates or fixes and helping you prioritize actions that enhance your apps' security.
Subscribe to an Extend app to receive email notifications for when critical vulnerabilities are detected in the app. See Turn on alerts for more information.
View scan results of an Extend app image
On the Extend app's details page, click Image Version History. A list of all image versions of the Extend app appears.
From the list, the image versions with detected vulnerabilities will have a warning icon. Click Scan Results to view the full security report of the image.
- If AGS detects critical vulnerabilities in the current (latest deployed image) of an Extend app, a banner will appear at the top of the app's details page with the option to view the scan results. Click See Scan Results on the banner to view the full report.
Turn on alerts
Subscribe to the Extend app to receive email notifications for when critical vulnerabilities are detected in the app. On the details page of the Extend app, click Subscribe and select Image Vulnerability. If you also want to be notified for when the app is down, select All. To stop receiving email notifications, unsubscribe from the Extend app. For more information, refer to the Manage Extend app notifications and subscribers article.
Scan result severity definition
| Name | Description | Example |
|---|---|---|
CRITICAL | This is the most severe level, where vulnerabilities could lead to a complete system compromise. Immediate remediation is strongly recommended. | Vulnerabilities that allow remote code execution, unpatched zero-day exploits, or critical data leaks that provide full access to system resources. |
HIGH | Vulnerabilities with a high severity are serious and could potentially be exploited to compromise the system's confidentiality, integrity, or availability. | Weak encryption algorithms, flaws that could lead to privilege escalation, or exposure to attacks like SQL injection if exploited in specific ways. |
MEDIUM | This severity indicates a vulnerability that poses a moderate risk. Exploiting these could impact functionality or lead to some level of exposure but is not considered critical. | Libraries with issues that could be exploited in specific scenarios, like allowing attackers to gain limited access to data under certain conditions. |
LOW | Vulnerabilities at this level represent minor security risks. They may have limited impact and are typically harder for attackers to exploit. | Minor issues like minor version mismatches or deprecated code that does not directly affect security. |
INFORMATIONAL | This level includes vulnerabilities that are not an immediate threat, but provide information about potential weaknesses or configurations. These are generally low-priority items that don't currently impact security but might still be worth addressing. | An outdated package that has no known vulnerabilities but may not follow best practices. |
UNDEFINED | The vulnerability might be newly discovered, and the assessment process is still in progress. The vulnerability was not assigned a priority by the CVE source. | The severity is a newly discovered vulnerability with incomplete analysis or lacking a CVSS score, awaiting further assessment to determine its impact. |