How to Release Mobile App Protection Templates Between Teams in DevSecOps Build System

Last updated January 11, 2024 by Appdome

This Knowledge Base article describes how to use Appdome’s Release Fusion Set feature to advance mobile app protection templates (Fusion Sets) through a security release process involving multiple teams, while at the same time achieving ‘separation of duties’ among the teams and its members.

Note:

Separation of Duties (also known as segregation of duties) is a set of operational practices and internal compliance requirements designed to prevent security control failures and/or abusive practices. This objective is achieved by disseminating the tasks and associated privileges for a specific security process among multiple people on different teams and applying controls and entitlements that enforce separation and prevent members from assuming roles on multiple teams. A simple example of separation of duties would be to ensure that a person who requests approval for a certain task cannot also approve the task.

What is the Appdome Release Fusion Set Feature?

Appdome’s  Release Fusion Set to New Team  feature allows customers to release security templates (Fusion Sets) to other teams within the security release process, in a way that allows organizations to comply with separation of duties requirements. This is achieved by ensuring that team member responsibilities, roles, and entitlements are spread across multiple teams, and that team members who share Fusion Sets between different teams cannot be a part of both teams.

How To Use Appdome Release Fusion Set (With Separation of Duties)

To access the Release Fusion Set feature, use any of the methods below:

  • Go to My Fusion Set dropdown and select Release Fusion Set (which becomes visible when hovering).
    Fusion Set dropdown > Release Fusion Set command
  • Alternatively, click the … (Details) icon to open Fusion Set Summary, with the Fusion Set details tab displayed by default, and the click Release Fusion Set.
    Fusion Set Details tab

After selecting Release Fusion Set, you may be presented with several options. If your company requires separation of duties, you should select the option Release Fusion Set to New Team as shown below. Using this option will ensure that the Released Fusion Set is frozen for both teams and also maintain separation of duties by not allowing team members to be a part of both the originating team and the receiving team for the Released Fusion Set.

Release Fusion Set to New Team

Note: Using the Release Fusion Set To New Team option will automatically freeze the Fusion Set for BOTH teams (even if the Fusion Set for the originating team was not frozen).Release Fusion Set to a Team Empty Fields

Note: Before clicking Release, you can back away from this option by selecting Back to Team Selection. From there, you can choose a different option to Release the Fusion Set.

Release 5

To continue with the Release Fusion Set  To New Team option, enter Team Name and Team ID in the required fields as shown below and click Release.

Release fs to new team 6

Upon successful release, the team member who released the Fusion Set will see the following notification.

Released To Team5

After releasing the Fusion Set, you will see an indication within your own Team that the Fusion Set is frozen and Released, as shown in the figures below.

Fs Qa

Fusion Set Summary

The receiving Team will see an on-screen alert notifying them that the Fusion Set has been released to their team. Entitled members of the receiving team will see an option to either “Accept” or “Decline” the Released Fusion Set (Note, only team members who have the proper Entitlement will see this alert).

Note: The receiving team will also receive an email notification (if that option is enabled) which includes all the details about the released fusion set.

The receiving team can preview all the security features contained within the Released Fusion Set by selecting it.

Note: The receiving team will not be able to build with the Released Fusion Set until they have accepted it. This is indicated when the Build My App button remains disabled (greyed out) until the Released Fusion Set is accepted.

Prerequisites for using Appdome Release Fusion Set

In order to use Appdome’s Release Fusion Set feature, you’ll need the following:

Related Articles

For info on related features to Release Fusion Set, check out the following KB articles.

Please feel free to request a demo at any time.

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

To zoom out on this topic, visit the Appdome platform page on our website.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Appdome

Want a Demo?

Cyber Release Management™

TomWe're here to help
We'll get back to you in 24 hours to schedule your demo.