Security FAQ
The following table provides answers to frequently asked questions regarding SBOM Insights security.
| Question | Answer |
|---|---|
| What are the password complexity requirements? | SBOM Insights passwords must contain at least eight characters and also include at least one of the following:<br>Passwords may not include any part of the user’s email, and must not be the same as the user’s last 4 passwords. |
| How does SBOM Insights store my password? | SBOM Insights protects passwords using the bcrypt algorithm, which is a one-way hash function incorporating salt. |
| Can I reset my password if I have forgotten or lost it? | Yes, you can send an email to reset your password. Reset your password at https://sca-app.revenera.com/password/request. Enter your email address and click Email Link. |
| What happens if I am locked out? | After attempting to log in three times with an incorrect password, your account will be locked out for 15 minutes. During the lockout period, you cannot log in (even with the correct password), but you can reset your password. Lockout is used to block brute-force attacks. |
| How long is the idle session timeout? | 30 minutes |
| How long is the absolute session timeout? | 8 hours |
| Where can I find information about which users in my Organization are active or inactive? | Administrators in an Organization can navigate to the SBOM Insights Administration menu and select Users from the Identity Management sub-menu to see activity information. After selecting a user, navigate to the Info tab. Last login indicates the last time this user logged into the SBOM Insights UI. Last API login indicates the last time this user used their API refresh token to create an access token for SBOM Insights API access. |
| How are the user’s last login and last API login timestamps calculated? | SBOM Insights users are global and often have access to multiple Organizations. Each user’s Last login and Last API login timestamps are also global. |
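The lockout and session-timeout answers above, modelled as an added example (not SBOM Insights code; `Account`, `Session`, `login` and `touch` are hypothetical names). It assumes a successful login clears the failed-attempt counter and that the counter restarts after a lockout, neither of which the FAQ states.

```python
from dataclasses import dataclass
from typing import Optional

MAX_FAILED = 3                 # incorrect attempts before lockout (from the FAQ)
LOCKOUT_SECS = 15 * 60         # lockout duration (from the FAQ)
IDLE_SECS = 30 * 60            # idle session timeout (from the FAQ)
ABSOLUTE_SECS = 8 * 60 * 60    # absolute session timeout (from the FAQ)

@dataclass
class Account:
    failed: int = 0
    locked_until: float = 0.0

@dataclass
class Session:
    created: float
    last_seen: float

def login(acct: Account, password_ok: bool, now: float) -> Optional[Session]:
    """Return a Session on success, None on failure or while locked out."""
    if now < acct.locked_until:
        return None            # locked: even the correct password is refused
    if password_ok:
        acct.failed = 0        # assumption: success clears the counter
        return Session(created=now, last_seen=now)
    acct.failed += 1
    if acct.failed >= MAX_FAILED:
        acct.locked_until = now + LOCKOUT_SECS
        acct.failed = 0        # assumption: counter restarts after lockout
    return None

def touch(sess: Session, now: float) -> bool:
    """Validate a request against both timeouts; refresh idle timer if valid."""
    if now - sess.created >= ABSOLUTE_SECS:
        return False           # absolute limit: activity cannot extend it
    if now - sess.last_seen >= IDLE_SECS:
        return False           # idle limit exceeded
    sess.last_seen = now
    return True
```

The absolute check runs first so that a continuously active session still ends at 8 hours; only the idle timer is refreshed by activity.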