Repository Analyzer

Analyzer: Repository

The Repository Analyzer provides comprehensive visibility into your source code repositories, their dependencies, vulnerabilities, and compliance status. It helps Development teams, Security Operations (SecOps), and IT Operations (ITOps) teams to effectively manage repository health, security posture, and compliance requirements across the software development lifecycle.

Sightline: Repository Overview

The Repository Overview sightline offers an overarching view of the state of software repositories, highlighting vulnerabilities and risk scores.

Widgets:

• All Repositories

• Repos with Vulnerabilities

• Critical Repositories

• High Risk Repositories

• Medium Risk Repositories

• Top 10 Riskiest Repository by Production Risk

• Repository Overview Table

• Risk Score for top 10 Repositories

• Vulnerability Counts by Severity

Sightline: Repository Impact Analysis

The Repository Impact Analysis sightline evaluates the impact of vulnerabilities across repositories, enabling better risk assessment.

Widgets:

• Repository Impact Analysis

• Repositories with High/Critical Vulnerabilities in ECS

• Repositories with High/Critical Vulnerabilities in Container Apps

• EKS Deployed Risky Repositories

Sightline: Repository Vulnerabilities Trend Analysis

The Repository Vulnerabilities Trend Analysis sightline tracks vulnerability trends over time.

Widgets:

• Total Vulnerabilities

• Critical Vulnerabilities

• High Vulnerabilities

• Total Vulnerabilities Count Chart

• High Vulnerabilities Count Chart

• Critical Vulnerabilities Count Chart

Sightline: Package Impact Analysis

The Package Impact Analysis sightline offers insights into package vulnerabilities and their impact.

Widgets:

• All Packages

• Vulnerable Packages

• Package Impact Analysis

Sightline: Package Dependency Overview

The Package Dependency Overview sightline highlights dependencies and their vulnerabilities.

Widgets:

• Package Dependency Overview

• Package Version Analysis

Sightline: Vulnerability Impact Analysis

The Vulnerability Impact Analysis sightline provides a consolidated view of vulnerabilities.

Widgets:

• All Vulnerabilities

• Vulnerability Impact Analysis

Sightline: License Analysis

The License Analysis sightline focuses on compliance and licensing policies.

Widgets:

• Packages Violating License Policy

• Repos Violating License Policy

• Licenses Linked to Packages and Repositories

• Licenses Not Linked to Packages and Repositories

• License Analysis

Sightline: Terraform Vulnerabilities Analysis

The Terraform Vulnerabilities Analysis sightline provides insights into Infrastructure-as-Code (IaC) vulnerabilities.

Widgets:

• Total Terraform Vulnerabilities

• Critical Terraform Vulnerabilities

• High Terraform Vulnerabilities

• Medium Terraform Vulnerabilities

• Low Terraform Vulnerabilities

• Vulnerability Providers

• Repositories with Terraform Vulnerabilities

Sightline: Organization Info

The Organization Info sightline provides insights into GitHub organization structure and metrics.

Widgets:

• Organizations

• All Users

• Users Without Contributions

• Distribution of Users by Organization

• Single Owner Organizations

• Organizations with Too Many Owners

Sightline: Git Access & Governance Posture

The Git Access & Governance Posture sightline focuses on repository visibility, access controls, and organizational governance policies.

Widgets:

• Public Repositories

• Private Repositories with Forking Enabled

• Organizations with missing 2FA

• Repositories with Too Many Admins

• Repository Visibility Distribution

Sightline: Git Secure Development Posture

The Git Secure Development Posture sightline analyzes security practices in development workflows and code repositories.

Widgets:

• Repositories without Default Branch Protection

• Repositories Allowing Unsigned Commits

• Incorrect storage of secret in GitHub Actions

• Shell Injection Risks in GitHub Actions

• Top 5 Riskiest Repositories Git Posture

Sightline: PII and Secret Detection

The PII and Secret Detection sightline offers visibility into secrets identified within Git repositories, enabling proactive remediation and enhanced security posture.

Widgets:

• Secrets Discovered in Code

• PIIs Discovered in Code

• PII Types in Code

Sightline: CheckMarx Vulnerability Analysis

The CheckMarx Vulnerability Analysis sightline provides comprehensive insights into static application security testing (SAST) results from CheckMarx scans, enabling teams to track and remediate vulnerabilities across different severity levels.

Widgets:

• Low Vulnerability Results

• Medium Vulnerability Results

• High Vulnerability Results

• Critical Vulnerability Results

• Distribution of Compliances

Sightline: SAST Vulnerabilities Analysis

The SAST Vulnerabilities Analysis sightline provides comprehensive insights into Static Application Security Testing (SAST) results across repositories, enabling teams to identify and remediate code security issues.

Widgets:

• Total SAST Vulnerabilities

• Critical SAST Vulnerabilities

• High SAST Vulnerabilities

• Medium SAST Vulnerabilities

• Low SAST Vulnerabilities

Alerts

Count of Vulnerable Repositories

The Count of Vulnerable Repositories alert highlights repositories with vulnerabilities.

Count of Vulnerable Packages in Repositories

The Count of Vulnerable Packages in Repositories alert provides visibility into package vulnerabilities.

Repository Critical Vulnerability

The Repository Critical Vulnerability alert highlights the number of critical vulnerabilities in open-source software, supporting immediate prioritization and remediation to mitigate high-risk threats.

Repository High Vulnerability

The Repository High Vulnerability alert highlights high-severity vulnerabilities in open-source software, aiding in structured and efficient response planning.

Repository Medium Vulnerability

The Repository Critical Vulnerability alert highlights medium-severity vulnerabilities in open-source software, aiding in structured and efficient response planning.

Repository Low Vulnerability

The Repository Critical Vulnerability alert highlights low-severity vulnerabilities in open-source software, aiding in structured and efficient response planning.

License Policy Violation

The License Policy Violation alert identifies license policy violations.

High Risk Repository

The High Risk Repository alert identifies repositories with critical security concerns.

Secrets Discovered in Code

The Secrets Discovered in Code alert identifies repositories containing exposed secrets, enabling swift action to secure sensitive information.

PIIs Discovered in Code

The PIIs Discovered in Code alert identifies repositories containing exposed Personally Identifiable Information (PII), enabling organizations to address privacy risks and ensure compliance with data protection regulations.