Asset Management
Alvor builds a living inventory across every environment, with an extensible set of built-in asset types plus custom types you define. Every asset is connected to the risks, policies, and compliance controls that depend on it.
The asset record
Most platforms have an asset inventory. Alvor has an asset record: one entity with six dimensions, each cross-linked, each evidencing a different part of the security program.
app.example.com
Dimensions
6
Cross-linked into
Risk, Continuity, Compliance
Source of truth
One record
Status, criticality, ownership, and lifecycle. The header every other dimension reads from.
Vulnerability findings from integrations and manual assessments. CWE references, severity, integration source, lifecycle state.
Four dimensions get dedicated landing pages because their categories warrant standalone consideration: dependency mapping, components, business continuity, and data governance. The other two live on the asset itself, where they belong.
Core capabilities
Find every asset - managed or shadow, cloud or closet. Ingest via API integrations, CSV/JSON import, or manual entry.
Tag each asset with criticality, data sensitivity, regulatory scope, and encryption status. Dual ownership baked in.
Follow every asset from Plan through Acquire, Deploy, Operate, and Retire. No stale spreadsheet rows.
Attach governance records: data types (PII, PHI, PCI), retention periods, encryption, processing justification.
Campaigns on your schedule. Owners notified at 7, 3, and 1 day before deadlines. Overdue assets auto-escalate.
Map upstream and downstream relationships between assets, services, and data flows.
How it works
DISCOVER
Four ingestion paths ensure nothing hides. API integrations pull from Veracode, AWS, Azure, and GCP. Bulk CSV/JSON import handles legacy data. The REST API lets you build custom connectors.
CLASSIFY
Criticality levels, data classification tiers, encryption tracking, regulatory scope, dual ownership, and a flexible EAV architecture for custom fields.
CERTIFY
Certification campaigns run on your schedule - monthly, quarterly, annual, or custom. Owners are notified at 7, 3, and 1 day before the deadline. Overdue assets auto-escalate.
The connective tissue
In Alvor, every asset is natively linked to the modules that depend on it. A vulnerability flows to a risk, maps to a compliance control, triggers an action plan - all traced back to one record.
AWS RDS · us-east-1 · vpc-0a1b2c3d
3
linked risks
Risk
Criticality informs risk scoring. Impact analysis auto-links to affected assets.
12
controls mapped
Compliance
Evidence campaigns target asset groups. Scoring weighs inventory completeness.
5
design reviews
Secure by Design
Architecture diagrams reference asset nodes. Findings create linked risks.
8
active policies
Policy
Policies scope by asset type. Exceptions and acknowledgments target custodians.
Connects to your stack
Encrypted credential storage · Configurable sync schedules · Full audit trails
Asset Management
Alvor builds a living inventory across an extensible set of built-in asset types, plus custom types you define. Every asset is automatically linked to the risks it carries, the policies that govern it, and the compliance controls that depend on it.