Repository

Analyzer: Repository

The Repository Analyzer provides comprehensive visibility into your source code repositories, their dependencies, vulnerabilities, and compliance status. It helps Development, Security Operations (SecOps), and IT Operations (ITOps) teams effectively manage repository health, security posture, and compliance requirements across the software development lifecycle.

Sightline: Organization Info

The Organization Info sightline provides insights into GitHub organization structure and metrics.

Widgets:

Sightline: Git Access & Governance Posture

The Git Access & Governance Posture sightline focuses on repository visibility, access controls, and organizational governance policies.

Widgets:

Sightline: Git Secure Development Posture

The Git Secure Development Posture sightline analyzes security practices in development workflows and code repositories.

Widgets:

Alerts

Count of Vulnerable Repositories

The Count of Vulnerable Repositories alert highlights repositories with vulnerabilities.

Count of Vulnerable Packages in Repositories

The Count of Vulnerable Packages in Repositories alert provides visibility into package vulnerabilities.

Repository Critical Vulnerability

The Repository Critical Vulnerability alert highlights the number of critical vulnerabilities in open-source software, supporting immediate prioritization and remediation to mitigate high-risk threats.

Repository High Vulnerability

The Repository High Vulnerability alert highlights high-severity vulnerabilities in open-source software, aiding in structured and efficient response planning.

Repository Medium Vulnerability

The Repository Medium Vulnerability alert highlights medium-severity vulnerabilities in open-source software, aiding in structured and efficient response planning.

Repository Low Vulnerability

The Repository Low Vulnerability alert highlights low-severity vulnerabilities in open-source software, aiding in structured and efficient response planning.

License Policy Violation

The License Policy Violation alert identifies license policy violations.

High Risk Repository

The High Risk Repository alert identifies repositories with critical security concerns.

Secrets Discovered in Code

The Secrets Discovered in Code alert identifies repositories containing exposed secrets, enabling swift action to secure sensitive information.

PIIs Discovered in Code

The PIIs Discovered in Code alert identifies repositories containing exposed Personally Identifiable Information (PII), enabling organizations to address privacy risks and ensure compliance with data protection regulations.
