How Xygeni works
The Xygeni platform is a cloud-based service, accessible via REST API, that keeps findings and metadata from different sources.
The Xygeni Scanner runs in your internal network and assesses your infrastructure for different types of vulnerabilities (Visit here for further info on available scanners).
Once the scan is done, you decide whether to upload the results to the Xygeni servers (to see them in the SaaS Xygeni Dashboard) or keep them locally for further processing.
The Xygeni platform is represented by the chart below:

Scanner
Xygeni provides a command-line interface (CLI) for running the scanner. The scanner can either run analysis commands separately, like detecting hardcoded secrets or misconfigurations, or run all the analyses at once.
The scanner is Java-based and can be triggered directly from the command line, from any batch program (Unix shell script, Windows batch, PowerShell script, etc.), from git hooks (pre-commit, pre-receive), or embedded into CI/CD pipelines.
The scanner can scan a file directory, a container image, a repository or group of repositories, and even a whole SCM organization.
Scanner findings can be inspected in the Dashboard, downloaded via the Xygeni REST API, exported in several formats (CSV, JSON, etc.), and used to create tickets (Jira, GitHub) or send messages (Slack) to notify your team about an issue.
Dashboard
The Dashboard is the web user interface for showing the results of the scans. It provides a summary of the security posture and a breakdown of security issues at the global, group, or project level.
Trend exploration, reporting, and platform administration, among other facilities, are also available.
REST API
The REST API is the central element in the platform. All elements in the platform use the API as a backbone for reporting findings and receiving the processed information for integration into Xygeni tools, third-party plugins and integrations or any custom integration for organizations.
Integrations
Xygeni provides integrations for running scans or uploading security issues, performing administrative operations, or exporting findings to communication and reporting tools.
Sensor
Xygeni monitors activity on public repositories so that potential attacks can be detected early. The publishing of new packages in popular public repositories is one example of monitored activity. In addition, security advisories are ingested to model new threats and malicious activity in the wild. Xygeni customers may receive alerts when a security issue may affect them.