Concepts
This section explains the building blocks of Furl’s remediation pipeline. Each concept has its own page; together, they describe the path a vulnerability takes from discovery to verified fix.
The remediation pipeline
- Findings — Signals from your vulnerability scanners that something needs attention.
- Remediation Subjects — Canonical definitions of what can be remediated (e.g., “Google Chrome”).
- Remediation Targets — Concrete instances of a subject on a specific endpoint.
- Remediation Scopes — Standing policies that define what should be kept healthy.
- Update Rings — Optional phased rollout for scoped remediations.
- Remediation Strategies — Methods for fixing a subject (update, patch, uninstall, configure).
- Strategy Executions — Records of running a strategy on an endpoint.
Cross-cutting concepts
- Governance — Rules controlling whether remediation runs automatically or requires approval.
- Confidence Score — How reliable a strategy is, computed from its track record.
- Checks — Forge-authored detection patterns that produce findings.
- Tag-Based Execution Policies — Org rules that block or gate Forge actions and Check executions based on endpoint tags, script classifications, and time windows.
How the pieces fit together
A scanner reports a CVE on a laptop. Furl turns that report into a finding, links it to the subject it affects (e.g., Google Chrome), and creates a target representing the specific installation that needs fixing.
If an active scope matches the target, Furl picks the highest-confidence strategy for the subject, checks governance rules to decide whether to run automatically or wait for approval, dispatches the work to the Furl agent, and verifies that the finding actually resolved. The outcome feeds back into the strategy’s confidence score so future selections get smarter.