Cantina Code Platform for Organizations
Cantina Code offers a suite of features designed to streamline security review workflows, making it easier for organizations to manage findings, communicate with researchers, and gain insights into security performance. Below is a guide to using each of the key features available on the platform.
Responding to Pings
When a Security Researcher pings you using the @project tag, you’ll receive a notification both in the Cantina Code notifications panel and via email. Check for these notifications regularly so you can respond promptly to questions, as timely answers can help researchers discover vulnerabilities.
How to Use:
- Access Notifications Panel: Check the panel on your dashboard to see new pings.
- Respond to Pings: Click on the notification to view the researcher’s comment or question. If the ping is useful, click on the @project tag to reply directly, or mark it as helpful.
- Ping Limits: Pings may be limited depending on the type of engagement. For instance, in certain settings, pings are capped to ensure they’re of high quality, while in security reviews, pings are unlimited.
Assign Findings
The Assign Findings feature lets you assign submitted findings to internal team members for investigation and resolution, helping streamline the process. This is particularly useful for competitions or collaborative reviews.
How to Use:
- Assign a Finding: Navigate to the Findings section and select a finding. Click on the Assign button and choose a team member from the dropdown.
- Track Assignment Progress: Once assigned, you can track the progress of the findings through status updates from your team members.
- Collaborative Reviews: For collaborative reviews, assign findings to the appropriate code owners or team members to ensure all aspects of the security review are covered.
Autojoin
Autojoin allows company managers to simplify team access by enabling automatic joining of team members to Cantina and shared repositories. This ensures that your team can access the resources they need without additional setup.
How to Use:
- Enable Autojoin: As a company manager, navigate to the Settings section and toggle on the Autojoin feature.
- Invite Team Members: Once Autojoin is enabled, team members will automatically be granted access to your shared repositories when they join Cantina.
Duplication Management
Cantina Code now groups related findings together, with the canonical finding displayed at the top of the list. This makes it easier to track and manage duplicates and helps prioritize remediation efforts.
How to Use:
- View Duplicates: When a researcher submits a finding that matches a previously submitted one, the platform automatically groups them together.
- Canonical Finding: The most critical or authoritative finding will be displayed at the top, ensuring you focus on the primary issue. You can also navigate to related findings to see if there are variations or additional details to consider.
Bounty Insights
The Bounty Insights feature offers valuable analytics to help you track the performance of your bounty program, including metrics on findings, page views, participants, and researcher engagement.
How to Use:
- Access the Insights Tab: Navigate to the Insights section on your dashboard to view an overview of your bounty’s performance.
- Analyze Findings and Engagement: Drill down into metrics like the number of findings submitted, page views, and which researchers are actively engaging with your bounty.
- Track Performance Over Time: View data across specific time periods to assess trends and adjust your security strategy accordingly.
User Management
Cantina Code now allows multiple users to be assigned the Manager role, giving your organization more flexibility in managing team members and your company profile.
How to Use:
- Assign Manager Roles: As an admin, you can now assign the Manager role to multiple users, allowing them to invite team members and manage your company profile.
- Streamline Invitations: Managers can invite new team members to join Cantina and assign them appropriate roles within your organization.
Recommended Findings
Cantina Code now prioritizes findings based on the reputation score of the researcher who submitted them. This ensures that you see the most impactful findings first.
How to Use:
- View Recommended Findings: Findings are automatically prioritized by the platform based on the reputation score of the submitting researcher.
- Focus on High-Quality Findings: Begin your review process with the highest-priority findings, ensuring that critical vulnerabilities are addressed first.