BLACKSHIELD

Public Docs

Customer docs for onboarding, trust, and day-2 operations.

Use these guides to launch quickly, complete security reviews, run reliable operations, and solve common issues independently.

Create workspace
Read onboarding guide
View after-login checklist
Deploy scanner clients
Open trust center overview
Open questionnaire pack
Set up AI assistant workflows
Check support SLA
Fix common ingest issues
Partner program

Need Fast Help?

Start here to resolve the most common onboarding and ingestion blockers.

Open troubleshooting

Security Review?

Use the trust center and questionnaire pack to answer legal and security due-diligence requests.

Open trust center package

Escalation

For urgent production incidents, include workspace details, job IDs, and timestamps in your support request.

Contact support

Developer Quick Starts

Copy the fastest deployment path for your environment.

Start with a working snippet, copy the command or file, then open the full guide only if you need deeper rollout detail.

Browse all deployment guides

GitHub Actions

GitHub Actions workflow

Drop one workflow into the repository and run Trivy, Semgrep, TruffleHog, and Syft in parallel.

.github/workflows/security-scan.yml
bash
bash <(curl -fsSL https://stg-blackshield.chaplau.com/source-bundles/github-security-scan.sh)

GitLab CI

GitLab CI pipeline

Add one security stage that scans merge requests, default-branch builds, and scheduled pipelines.

.gitlab-ci.yml
bash
bash <(curl -fsSL https://stg-blackshield.chaplau.com/source-bundles/gitlab-ci.sh)

GitHub Deploy Gate

GitHub Actions deploy gate

Drop in one workflow that evaluates the hosted Rego decision API before production deploys and prints the reasons inline.

.github/workflows/deploy-guardrails.yml
bash
bash <(curl -fsSL https://stg-blackshield.chaplau.com/source-bundles/github-policy-guardrails.sh)

GitLab Deploy Gate

GitLab deploy gate job

Add one reusable deploy job that checks allow, warn, or deny outcomes against your tenant policy pack before release.

.gitlab/deploy-guardrails.yml
bash
bash <(curl -fsSL https://stg-blackshield.chaplau.com/source-bundles/gitlab-policy-guardrails.sh)

AWS Lambda

AWS cloud scanner source

Bootstrap the AWS CDK project locally, then deploy the tenant-owned cloud posture scanner without rewriting the commands.

deploy/aws-cloud-scanner/
bash
bash <(curl -fsSL https://stg-blackshield.chaplau.com/source-bundles/aws-cloud-scanner.sh)
cd deploy/aws-cloud-scanner

GCP Cloud Run

GCP cloud scanner source

Bootstrap the Terraform module locally, then deploy the cloud scanner to your target projects and regions with the same commands shown in the guide.

deploy/gcp-cloud-scanner/
bash
bash <(curl -fsSL https://stg-blackshield.chaplau.com/source-bundles/gcp-cloud-scanner.sh)
cd deploy/gcp-cloud-scanner

Kubernetes

Helm chart source

Pull the Helm chart source locally, review the templates, and install the cluster scanner from your own repository.

deploy/helm/secplatform-k8s-scanner/
bash
bash <(curl -fsSL https://stg-blackshield.chaplau.com/source-bundles/k8s-scanner-helm.sh)
cd deploy/helm/secplatform-k8s-scanner

SaaS on AWS

AWS SaaS scanner source

Bootstrap the AWS CDK project locally, then deploy the tenant-owned Lambda scanner without rewriting the commands.

deploy/aws-saas-scanner/
bash
bash <(curl -fsSL https://stg-blackshield.chaplau.com/source-bundles/aws-saas-scanner.sh)
cd deploy/aws-saas-scanner

SaaS on GCP

GCP SaaS scanner source

Bootstrap the Terraform module locally, then deploy the Cloud Run Job scanner with the same commands shown in the guide.

deploy/gcp-saas-scanner/
bash
bash <(curl -fsSL https://stg-blackshield.chaplau.com/source-bundles/gcp-saas-scanner.sh)
cd deploy/gcp-saas-scanner

Guide Collection

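15-20 minutes

Complete Workspace Onboarding

Create your workspace, first admin, and integration keys so your team can start ingesting results securely.

Audience: Workspace owners and first tenant admins

Read guide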

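30-45 minutes

After Login: Day-One Next Steps

Use this day-one checklist to move from an empty workspace to verified results and clear ownership.

Audience: New tenant admins and security leads

Read guide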

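10-15 minutes

Ingest Your First Findings

Run your first scan, submit results, and confirm data quality before expanding to more integrations.

Audience: Security engineers, CI owners, and integration engineers

Read guide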

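Ongoing daily review recommended

Review and Prioritize Findings

Use risk, exploitability, and ownership to prioritize remediation so teams fix what matters first.

Audience: Security triage teams, engineering leads, and service owners

Read guide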

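First 30 days

Follow-Up Work After First Findings

Turn initial findings into a repeatable security program with clear metrics, ownership, and reporting.

Audience: Security program owners and engineering managers

Read guide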

2 minutes

Deploy the Pipeline Scanner

Embed Trivy, Semgrep, TruffleHog, and Syft into every commit with a single workflow file. Works with GitHub Actions, GitLab CI, and Bitbucket Pipelines.

Audience: DevOps engineers, platform engineers, and security engineers

Read guide

3 minutes

Gate Deploys with Hosted Rego Guardrails

Add a lightweight CI step that sends deploy context to your tenant and gets an allow, warn, or deny decision back without self-hosting OPA.

Audience: Platform engineers, release managers, and security engineers

Read guide

5 minutes

Deploy the Cloud Scanner on AWS

Scan your AWS environment for misconfigurations with Prowler, deployed as a Lambda container on EventBridge Scheduler — no EC2, no always-on compute.

Audience: Cloud engineers, security engineers, platform teams

Read guide

5 minutes

Deploy the Cloud Scanner on GCP

Scan GCP project posture with Prowler via a serverless Cloud Run Job triggered by Cloud Scheduler. One Terraform apply deploys to any number of projects and regions.

Audience: Cloud engineers, security engineers, platform teams

Read guide

2 minutes

Deploy the Kubernetes Scanner

Scan cluster posture with kube-bench (CIS benchmarks), kubescape, and Kyverno policy telemetry. One Helm chart install, one kubectl secret — done.

Audience: Platform engineers, Kubernetes administrators, security engineers

Read guide

5 minutes

Deploy the SaaS Scanner

Discover over-privileged OAuth grants, stale app access, and shadow AI tool sprawl across Google Workspace, Microsoft 365, and GitHub. Runs entirely inside your tenant boundary.

Audience: Security engineers, identity and access management teams, platform engineers

Read guide

3 minutes

Deploy the VM and Host Scanner

Ingest OSSEC and Wazuh host intrusion detection alerts into the platform for correlation with cloud and container findings. Works with Docker Compose, systemd, or ECS Fargate.

Audience: Security operations teams, infrastructure engineers

Read guide

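10-15 minutes

Data Processing and Subprocessors

Understand which customer data is processed, which subprocessors are involved, and which legal safeguards apply.

Audience: Security reviewers, legal teams, privacy teams, and procurement stakeholders

Read guide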

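12-18 minutes

Trust Center: Security Posture Overview

Use this guide to evaluate BlackShield security controls, data handling, and operational commitments before production deployment.

Audience: Security reviewers, procurement, legal, and risk stakeholders

Read guide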

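15-20 minutes

Security Questionnaire Pack

Use this response pack to complete security due-diligence requests quickly with reusable answers and linked evidence.

Audience: Customer security reviewers, procurement teams, and legal stakeholders

Read guide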

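15 minutes

Data Lifecycle and Tenant Offboarding

Plan retention, export, and offboarding steps so data handling stays predictable, auditable, and policy-compliant.

Audience: Compliance, legal, and platform operations teams

Read guide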

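10 minutes

Incident Response and Customer Notification

Understand incident severity, escalation flow, and communication expectations so your team can respond quickly.

Audience: Security leads, operations teams, and customer success teams

Read guide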

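8-12 minutes

Availability, Support, and SLA

Review uptime targets, support response commitments, and escalation channels by plan tier.

Audience: Operations, support, procurement, and service owners

Read guide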

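15-20 minutes

Executive Reporting Pack: MTTR, Risk Trends, and SLA

Generate management-facing remediation reports covering MTTR, critical/high backlog, SLA attainment, and ownership by repository/team.

Audience: Security leaders, engineering managers, and tenant admins

Read guide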

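10-15 minutes

Control Coverage and Benchmark Heatmap

Turn mapped findings into benchmark posture, service rollups, and exportable reports suitable for audit and management review.

Audience: Security leaders, auditors, tenant admins, and service owners

Read guide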

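12-20 minutes

Disaster Recovery and Business Continuity

Plan recovery objectives, failover validation, and communication steps before a major service outage.

Audience: Platform operations teams and business continuity owners

Read guide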

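10 minutes

Security Trust and Shared Responsibility

Review which security controls BlackShield manages and which remain with your team.

Audience: Security architects, compliance owners, and platform admins

Read guide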

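12-15 minutes

API Security Hardening (OWASP API Top 10:2023)

See how BlackShield protects public and tenant APIs against the authorization, abuse, and misconfiguration risks in the OWASP API Top 10.

Audience: Security architects, AppSec reviewers, and compliance stakeholders

Read guide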

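15-20 minutes

Identity Lifecycle and Access Control

Set up account provisioning, role changes, and fast offboarding so access stays controlled as teams evolve.

Audience: IT admins, security operations teams, and workspace owners

Read guide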

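10-15 minutes

Tamper-Proof Audit Logs and Evidence Export

Filter security-relevant events and export defensible evidence packages for audits, investigations, and compliance reviews.

Audience: Security admins, compliance teams, and auditors

Read guide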

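10-15 minutes

Exercise Tenant Data Rights (GDPR/CCPA)

Use self-service privacy tools to view account data, export records, and request tenant deletion when needed.

Audience: Tenant admins, privacy officers, and legal stakeholders

Read guide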

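20-30 minutes

Enable AI Assistant and MCP Tools

Connect your preferred AI provider and MCP clients so teams can run assisted triage and security review workflows.

Audience: Security platform admins and integration engineers

Read guide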

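10-15 minutes

Troubleshooting and Platform Limits

Quickly resolve common ingestion, authentication, and throughput issues with a repeatable troubleshooting flow.

Audience: Tenant admins, DevOps teams, and scanner operators

Read guide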