How Xygeni works

The Xygeni platform is a cloud-based service, accessible via REST API, that keeps findings and metadata from different sources.

The Xygeni Scanner, runs in your internal network and asses your infrastructure for different types of vulnerabilities (Visit here for further info on available scanners).

Once the scan is done, you decide either to upload the results to the Xygeni servers (to see the results into the SaaS Xygeni Dashboard) or keep the results locally for further processing.

The Xygeni platform is represented by the chart below:

Scanner

Xygeni provides a command-line interface (CLI) for running the scanner. The scanner can either run analysis commands separately, like detecting hardcoded secrets or misconfigurations, or run all the analyses at once.

The scanner is java based and can be triggered directly from the command line, from any batch program (Unix shell script, Windows batch, PowerShell script, etc.), from git hooks (pre-commit, pre-receive) or embedded into CI/CD pipelines.

The scanner can be scan a file directory, a container image, a repository or group of repositories and even a whole SCM organization.

The Xygeni Scanner can be automatically installed into you repositories or manually embedded into your pipelines. Please visit Quick start with your code repository and Quick start with Xygeni CLI for further information.

Scanner findings can be inspected in the Dashboard, downloaded via Xygeni REST-API, exported in several formats (csv, json, etc...) and also create tickets (Jira, GitHub) or opening messages (Slack) to notify your team about an issue.

See Xygeni Scanner for further detail

Dashboard

The Dashboard is the web user interface for showing the results of the scans. The dashboard provides a summary security posture and the breakdown of security issues at the global, group or project levels.

Trends exploration, reporting, and platform administration, among other facilities are also displayed.

See Dashboard for further detail

Rest API

The REST API is the central element in the platform. All elements in the platform use the API as a backbone for reporting findings and receiving the processed information for integration into Xygeni tools, third-party plugins and integrations or any custom integration for organizations.

See REST API for further detail

Integrations

Xygeni provides integrations for running scans or uploading security issues, performing administrative operations, or exporting findings to communication and reporting tools.

See Integrating Xygeni into your Workflow and Integrations for further detail

Sensor

Activity on public repositories is monitored by Xygeni so potential attacks could be detected early. Publishing new packages in popular public repositories is an example of an activity that is monitored by Xygeni. In addition, security advisories are ingressed for modelling new threats and malicious activity on the wild. Xygeni customers may receive alerts when a security issue may affect them.

See Xygeni Sensors and Anomalus Activity for further details.

PreviousXygeni ProductsNextXygeni Web UI Overview

Last updated