COB.RA is focused on the preparation of risk assessments and the systematic follow-up of security weaknesses. In the previous sections, some of this functionality has been outlined. However, there are a few things we find worth mentioning in addition, have a look below!
Configurable notifications and reminders
COB.RA allows you to configure different types of reminders for expiring security exceptions, overdue findings, security decisions which should be reviewed soon etc.
Management of security exceptions and decisions
You know the situation – for some reason, a security control needs to be temporarily bypassed, and an exception needs to be granted for this. But where to document this? COB.RA has you covered.
Integration with infrastructure as code checks (IaC)
If you use infrastructure as code (likely Terraform), you might be familiar with Checkov or Terrascan. COB.RA allows you to integrate the results of these infrastructure as code compliance scans into your risk assessments.
Flexible permission control system
COB.RA supports authentication via SAML and OIDC, so there’s no need for you to manage separate identities. But also the access rights within COB.RA are linked to groups or attributes you define in your local identity management system. If you want to temporarily grant colleagues additional access to specific resources (e.g., write access to a certain business impact analysis), you can use a link-based mechanism for that, comparable to Google Drive. Integration with your local IT infrastructure is possible through service accounts.
GraphQL API
The modern GraphQL API makes integration with other systems particularly efficient, since you can retrieve precisely the data you need.
Security and architecture
The COB.RA backend is developed in Golang, while the frontend is written in Typescript / Vue.js. If you decide to host COB.RA on your own IT infrastructure, you will get access to a containerized version of the application. The Docker image, and all libraries and dependencies of the entire stack are updated roughly twice per week to the latest version.