Resources and Script Inventory

What is Resources and Script Inventory?

Resources and Script Inventory is an automated security feature within Firstoken Monitor that scans and maintains a comprehensive inventory of all JavaScript and CSS resources (both internal and external) loaded on your pages. These scripts and stylesheets represent the primary attack vectors that could potentially introduce security vulnerabilities or enable web skimming attacks.

Unlike CSP Real-Time Monitoring which requires code implementation, Resources and Script Inventory operates entirely through automated scanning—simply enable the feature and the system immediately begins discovering and tracking all JavaScript and CSS resources on your page.

Key Capabilities

• Zero Code Implementation: No JavaScript or configuration required—just enable the feature

• Immediate Initial Scan: Automatic discovery of all JS and CSS resources upon activation

• Weekly Automated Scanning: Regular scans every week to detect new or modified resources

• Incident Tracking: Automatic incident generation for each new or modified resource

• Resource Management: Authorize or block each resource with documented justifications

• PCI DSS 6.4.3 Compliance: Meet the requirement for maintaining an inventory of trusted scripts

• Complete Visibility: Understand exactly what JavaScript and CSS code runs on your payment pages

---

How to Enable Resources and Script Inventory

Enabling Resources and Script Inventory is straightforward and requires zero code implementation:

Enabling Resources and Script Inventory is straightforward and requires no code implementation:

1

Create a Page in Firstoken Monitor

1. Go to Monitor > Pages in the console

2. Click "+ New Page Monitor"

3. Configure the page information:

   • Name: Monitor my Checkout Page

   • Description: Description of your payment page

   • Base URL: https://your-site.com/checkout (your payment page)

4. Enable Resources and Script Inventory

   • Navigate to your page configuration

   • Enable the toggle "Resources and Script Inventory"

5. Configure notifications:

   • Add email addresses that will receive alerts

   • The account owner's email is automatically included

6. Save the configuration

2

Initial Scan and Weekly Monitoring

Once enabled, Firstoken Monitor automatically:

• Performs an immediate, complete scan of your page

• Discovers all JavaScript and CSS resources (both internal and external)

• Populates the Resources section with the inventory

• Sets all detected resources to "Pending Review" status

• Schedules weekly scans to detect new or modified resources

• Generates incidents for any new or modified resources found in subsequent scans

That's it—no code deployment needed!

3

Verify your Resources

You can now navigate to the Resources section to view and manage your inventory.

---

What Happens Next?

After enabling Resources and Script Inventory:

1. Automatic Discovery: The system identifies all JavaScript and CSS resources on your page

2. Inventory Population: Resources appear in your dashboard with detailed metadata

3. Review Required: Each resource needs authorization (Authorize or Block)

4. Weekly Monitoring: Automated scans run every week to detect changes

5. Incident Generation: New or modified resources automatically create incidents for tracking

6. Alerts: Receive notifications through the incident system when changes are detected

---

Next Steps

• How Resources Inventory Works: Learn about the scanning process, resource management, and authorization workflows

• PCI DSS 6.4.3 Compliance: Understand how this feature helps you meet PCI DSS requirements

---

Comparison with Other Monitor Features

Resources and Script Inventory works alongside other Firstoken Monitor security tools:

Feature	Purpose	Implementation Required	Scanning Frequency
CSP Real-Time Monitoring	Detect runtime security violations	JavaScript code + CSP headers	Real-time continuous
Security Headers Scanner	Validate HTTP security headers	None	Weekly automated
Resources Inventory	Manage JavaScript and CSS inventory	None	Weekly automated

Each feature addresses different security and compliance requirements and can be used independently or together for comprehensive protection.

---

Support and Additional Resources

• Technical Support: Contact our team for assistance with Resources and Script Inventory setup

Ready to get started? Enable Resources and Script Inventory in your Firstoken Monitor dashboard today—no code deployment required.