Monitoring
Monitoring is AISafe's continuous security validation capability. Once you enable it on a Project, AISafe re-validates existing finding proof-of-concepts and alerts you when a fix regresses or an area that was safe becomes vulnerable.
How it works
- You configure monitoring checks on a project, specifying which findings to monitor and on what cadence.
- AISafe re-tests finding proof-of-concepts against the current state of the target.
- If a vulnerability you fixed is exploitable again, AISafe raises a regression event.
- Regression events fire monitoring.regression webhooks so your team can respond.
Regressions
A regression occurs when a vulnerability marked fixed is exploitable again. This can happen when:
- A subsequent code change reverts or circumvents the fix
- A dependency update reintroduces a patched vulnerability
- An infrastructure change exposes a mitigated attack vector
Monitoring catches these regressions, so you do not have to wait for the next scheduled scan or a real attacker to discover them.
Setup
To enable monitoring:
- Create a Project bound to your repository or target.
- Configure monitoring checks on the project, selecting which findings to monitor.
- Set up webhook subscriptions for monitoring.regression events to get alerted.
See Guide: Monitor for regressions for a step-by-step walkthrough.