Skip to main content
The Inventory page gives you a complete view of every asset in your environment. Cloud resources, databases, code repositories, SaaS applications, and physical devices — all tracked in one place with ownership and classification data.

What inventory is for

Auditors ask “what systems do you have?” and “how are they classified?” before anything else. You cannot protect what you do not know about. The Inventory module answers both questions by pulling asset data from connected integrations and letting you add manual entries for anything not covered by an integration.

How asset data is collected

Assets flow into DSALTA from two sources:
  • Integration-sourced — When you connect cloud providers (AWS, GCP, Azure), hosting platforms (Heroku, DigitalOcean, Netlify), or code repositories (GitHub, GitLab), DSALTA automatically pulls the list of resources. Each asset shows the integration name as its source.
  • Manual — For assets not covered by integrations (e.g., on-premise servers, physical hardware, SaaS tools without API support), you can add entries manually.

Viewing your inventory

Each asset displays:
ColumnDescription
NameResource name (e.g., “prod-db-01”, “api-gateway”)
TypeServer, Database, Repository, Application, Storage, Network, or Other
SourceIntegration name or “Manual”
Location / RegionWhere the asset is hosted (e.g., us-east-1, europe-west1)
OwnerTeam or individual responsible for this asset
ClassificationCritical, High, Medium, or Low
StatusActive, Decommissioned, or Under Review
TagsCustom labels for filtering and grouping
Click any asset to view the full detail page with configuration details, linked vulnerabilities, and related controls.

Classifying assets

Classification is required by ISO 27001 (A.8.2.1) and expected by SOC 2 auditors. Every asset should be classified by how critical it is to your operations:
  • Critical — Production databases, authentication systems, payment processing. Downtime or breach has severe business impact.
  • High — Internal tools, staging environments, monitoring systems. Important but not directly customer-facing.
  • Medium — Development environments, testing tools, non-sensitive repositories.
  • Low — Documentation sites, marketing tools, archived resources.
Classification determines which security controls apply. Critical assets require encryption, backup, monitoring, and access controls. Lower-classified assets may have fewer requirements. To classify assets in bulk, use the filter and multi-select features to apply classification to groups of similar assets at once.

Integrations that feed Inventory

IntegrationAssets pulled
AWSEC2, RDS, S3, EBS, EFS, Lambda, DynamoDB, Redshift, ElastiCache, and more
GCPCompute Engine, Cloud SQL, GKE, Cloud Storage, BigQuery, Bigtable
AzureVMs, SQL, Storage Accounts, Cosmos DB, AKS, Key Vault, Databricks
GitHub / GitLab / BitbucketRepositories
DigitalOcean / Heroku / NetlifyDroplets, apps, sites
To connect an integration, go to Integrations in the DSALTA sidebar.