Application Package
Application Package in ASPM
Overview: What Is an Application Package?
An Application Package (or AppPackage) is the central unit used to represent and manage an application as a complete business and technical entity within the KScope Asset Registry.
Rather than being a single file or executable, an Application Package encompasses:
Front-end interfaces (UIs)
APIs and backend logic
Data storage and workflows
Integration points
Infrastructure and hosting information
Security and business ownership
It is the logical container for all components that deliver a discrete business function or service.
Why Application Packages Matter in ASPM
In Application Security Posture Management (ASPM), understanding an application's structure and business context is essential for:
Identifying critical business systems for prioritization
Applying CIA ratings to assess security posture
Tracking application lifecycle, ownership, and compliance posture
Enabling governance, risk assessment, and remediation across deployments
Application Packages serve as the anchor for linking related deployments, components, risk ratings, and business impact data.
Application Package - Element Type Details
Description:
The ApplicationPackage entity represents a structured model of the application. It includes technical and business metadata that supports lifecycle, classification, and risk evaluation.
Significance in ASPM:
Application Packages are foundational to all ASPM activities. They are where organizations define:
Security posture (CIA)
Business importance (RTO/RPO)
Strategic alignment (TIME model)
Ownership and accountability
Schema Table

| Attribute | Type | Description |
| --- | --- | --- |
| applicationName | String | Unique, human-readable name of the application |
| description | Text | Detailed explanation of the application's functionality and purpose |
| lifecycleStatus | Enum | Current stage in the lifecycle: Active, Retired, Pending Active, etc. |
| omsCiaRating | Enum | Security classification for Confidentiality, Integrity, Availability |
| rto | Duration | Recovery Time Objective: Max downtime allowed before business impact |
| rpo | Duration | Recovery Point Objective: Max data loss tolerated before business impact |
| timeClassification | Enum | Strategic value classification: Tolerate, Invest, Migrate, Eliminate |
| applicationType | Enum | Origin type: Homegrown, End-user Computing, COTS, SaaS |
| architectureType | Enum | Type of architecture: Non Platform Application, Platform Application, Platform Host |
| platformHost | String (nullable) | Required if architectureType is Platform Application; identifies the host system |
| installType | Enum | Hosting type: On Premise, Cloud, Hybrid, Third Party Hosted |
| createdDate | DateTime | Timestamp when the AppPackage was first recorded |
| lastUpdatedDate | DateTime | Most recent update timestamp |
| owner | String | Owner or accountable person/team for the application |
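
As an added example (not part of the original page or of the KScope product), a small linter that checks a batch of records against the schema attributes: the closed enum lists, the conditional platformHost rule and the uniqueness of applicationName. The dict record layout, the `lint_packages` name and the empty-owner check are assumptions made for illustration.

```python
# Assumption: records are plain dicts keyed by the attribute names in the table.
ENUMS = {
    "timeClassification": {"Tolerate", "Invest", "Migrate", "Eliminate"},
    "applicationType": {"Homegrown", "End-user Computing", "COTS", "SaaS"},
    "architectureType": {"Non Platform Application", "Platform Application",
                         "Platform Host"},
    "installType": {"On Premise", "Cloud", "Hybrid", "Third Party Hosted"},
}
# lifecycleStatus and omsCiaRating are not checked: the table ends the first
# list with "etc." and gives no values for the second.

def lint_packages(packages):
    """Return (applicationName, problem) tuples for a batch of records."""
    findings, seen = [], {}
    for index, pkg in enumerate(packages):
        name = (pkg.get("applicationName") or "").strip()
        label = name or f"<record {index}>"
        if not name:
            findings.append((label, "applicationName is missing"))
        elif name in seen:
            findings.append((label, f"applicationName duplicates record {seen[name]}"))
        else:
            seen[name] = index
        for field, allowed in ENUMS.items():
            if pkg.get(field) not in allowed:
                findings.append((label, f"{field} has unlisted value {pkg.get(field)!r}"))
        # The one conditional rule in the table: platformHost depends on architectureType.
        if pkg.get("architectureType") == "Platform Application" and not pkg.get("platformHost"):
            findings.append((label, "platformHost is required for a Platform Application"))
        # Assumption: an empty owner is a finding, since nobody is accountable.
        if not (pkg.get("owner") or "").strip():
            findings.append((label, "owner is empty"))
    return findings

# Constructed sample records, not taken from any real registry.
SAMPLE = [
    {"applicationName": "Payments Portal", "timeClassification": "Invest",
     "applicationType": "Homegrown", "architectureType": "Non Platform Application",
     "installType": "Cloud", "owner": "Payments Team"},
    {"applicationName": "HR Workflow", "timeClassification": "Tolerate",
     "applicationType": "COTS", "architectureType": "Platform Application",
     "platformHost": None, "installType": "Third Party Hosted", "owner": "HR IT"},
    {"applicationName": "Payments Portal", "timeClassification": "Migrate",
     "applicationType": "SaaS", "architectureType": "Non Platform Application",
     "installType": "cloud", "owner": ""},
]
if __name__ == "__main__":
    for app, problem in lint_packages(SAMPLE):
        print(f"{app}: {problem}")
```
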
Summary
An Application Package is the core construct in ASPM that enables unified modeling of business applications. By capturing ownership, lifecycle, architecture, and criticality, it supports:
Risk-based prioritization
Lifecycle governance
Strategic alignment
Security posture evaluation
In short, everything else in ASPM (deployments, components, CIA ratings, business impact) starts with an Application Package.