Projects Screen
Last updated
The Projects Screen is the first page you see when you log in at https://in.xygeni.io/auth/login
This screen enables users to:
View some basic statistics regarding the number of projects and issues of the organization
View the list of projects scanned in the organization. Projects are ordered by last scan date by default, but the user can order them by other criteria by clicking on the column headers of the table. For each project, the user can see the branch configured as default in Xygeni.
View the Security Posture of each project and a summary of its issues by severity. Projects containing any type of malware are marked with a special symbol (skull).
Access the most common project actions with one click.
In this screen the Project Selector does not apply. The screen always shows all projects. The screen is shown and described in detail below:
This section shows the number of projects scanned in the organization. The project count is the sum of the repositories and the container images scanned.
The following box shows a summary of the total issues by severity across these projects. In the detail slide of each project the user can check the stage of the SDLC in which Xygeni located potential malware and go to that section directly.
Finally, there is a quick access to the Managed Scans section, so the customer can configure the integration with their SCM and launch the first scan of a project from there. Once the project has been scanned and is in the platform, the configuration of the project and the management of its scans can be done from this screen.
As in all screens that show a list, the user can customize the list of projects shown in the table by applying filters. The available criteria are:
Alert: filter by the different types of alerts associated with a project, for example containing malware. Only projects with that alert will appear in the table below.
Project Type: select projects of type 'Repository' or 'Image Container'.
Name pattern: the table shows only projects whose name contains the string.
Branch pattern: as with the previous filter, the table shows only projects whose default branch contains the string.
Risk Level: the table shows only projects in the selected risk levels. See below for details on the Risk Score calculation and its values.
Tags: show only projects with tags containing the string provided in this filter.
When the customer applies any custom criteria, the 'Clear All' option above the filter boxes turns red to signal that the filtering criteria have been customized. Clicking on that option resets the filter to its default options.
The Risk Score (or Risk Level, RL for short) is a quantitative measure of the current risk of software supply chain attacks, and models the security posture of the DevOps system according to the scans performed by the Xygeni platform.
In the Xygeni screens the Risk Score is available for all assets in the SDLC: projects, but also components, pipelines, collaborators, etc.
RL is a function of the issues found for the asset, with values in the interval [0, 100], computed at the project level. When a project has no (detected) issues, its RL is zero. Higher values of RL are worse.
RL is qualified in three categories that make the risk for the organization easier to read at a glance. Each category is encoded with a color following the "semaphore" (traffic light) scheme:
Low: RL between 0 and 33, green.
Moderate: RL between 33 and 66, yellow.
High: RL between 66 and 100, red.
See Risk Level for further information and details.
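The following Python example is added here to make the filter semantics and the Risk Level bands above concrete; it is not Xygeni code and does not call the Xygeni platform. It models a project as the page describes it (name, type, default branch, Risk Level, last scan date, tags, alerts), applies the filter criteria, and orders the result by last scan as the screen does. Two details are assumptions, since the page does not state them: pattern filters are plain substring tests, and a value sitting exactly on a band boundary (33 or 66) is assigned to the higher band. The sample projects are constructed data.

```python
from dataclasses import dataclass
from datetime import datetime

# Added example, not Xygeni code: a model of the Projects Screen filters
# and the Risk Level bands, runnable on constructed data.


# Risk Level bands from the page: Low 0-33, Moderate 33-66, High 66-100.
# Assumption (the page does not say): a boundary value (33, 66) belongs to
# the higher band, i.e. the bands are [0, 33), [33, 66) and [66, 100].
def risk_category(rl: float) -> str:
    if not 0 <= rl <= 100:
        raise ValueError(f"RL must be in [0, 100], got {rl}")
    if rl < 33:
        return "Low"
    if rl < 66:
        return "Moderate"
    return "High"


@dataclass(frozen=True)
class Project:
    name: str
    kind: str                 # "Repository" or "Image Container"
    default_branch: str
    risk_level: float
    last_scan: datetime
    tags: tuple = ()
    alerts: tuple = ()        # e.g. ("malware",)


def filter_projects(projects, *, alert=None, project_type=None, name_pattern=None,
                    branch_pattern=None, risk_levels=None, tag_pattern=None):
    """Apply the Projects Screen filters and return matches ordered by last scan.

    Pattern filters are plain substring tests (assumption: the page only says
    "containing the string"). risk_levels is a set of category names.
    """
    out = []
    for p in projects:
        if alert is not None and alert not in p.alerts:
            continue
        if project_type is not None and p.kind != project_type:
            continue
        if name_pattern is not None and name_pattern not in p.name:
            continue
        if branch_pattern is not None and branch_pattern not in p.default_branch:
            continue
        if risk_levels is not None and risk_category(p.risk_level) not in risk_levels:
            continue
        if tag_pattern is not None and not any(tag_pattern in t for t in p.tags):
            continue
        out.append(p)
    # Default ordering on the screen: most recently scanned first.
    return sorted(out, key=lambda p: p.last_scan, reverse=True)


# Constructed sample data (not real scan results).
SAMPLE_PROJECTS = [
    Project("payments-api", "Repository", "main", 72.0,
            datetime(2024, 5, 2, 9, 30), tags=("team-a", "prod"), alerts=("malware",)),
    Project("web-frontend", "Repository", "develop", 33.0,
            datetime(2024, 5, 3, 8, 0), tags=("team-b",)),
    Project("payments-worker", "Image Container", "main", 12.5,
            datetime(2024, 5, 1, 18, 45), tags=("team-a",)),
    Project("legacy-tools", "Repository", "master", 66.0,
            datetime(2024, 4, 20, 12, 0), tags=("prod",)),
]


def main():
    for p in filter_projects(SAMPLE_PROJECTS, name_pattern="payments"):
        print(p.name, risk_category(p.risk_level), p.last_scan.isoformat())
    print([p.name for p in filter_projects(SAMPLE_PROJECTS, alert="malware")])


if __name__ == "__main__":
    main()
```

Note that with the assumed half-open bands a project with RL exactly 33.0 is Moderate and one with RL exactly 66.0 is High; if the platform uses the opposite convention, only the two comparisons in risk_category change.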
The list section shows a table with the following details:
Last scan date: the date of the most recent scan among the projects shown in the table.
Number of projects matching the filter criteria, out of the total. The table uses infinite scroll, so the user only has to scroll down the table to load the next block automatically.
Bulk actions button: enabled when one or more projects are selected using the check box of each row; the operations offered depend on the selection.
The user can interact with the rows in different ways:
Clicking on the name of the project takes the user to the All Risks section to see all the risks of the project.
Clicking on a white space of the row opens the slide with details about the project.
Clicking on the Scan Now button launches an on-demand scan of the project.
Note: if the project was scanned using the CLI and is not integrated with the managed scans system, this option is not available and the button is disabled.
At the end of each row, there is an icon with three dots that opens a contextual menu giving one-click access to different options.
Although the operations are self-descriptive, a quick description follows:
Scan Now: equivalent to clicking the blue button; launches an on-demand scan if the project is integrated in the managed scans system.
View Details: equivalent to clicking on a white space of the row. It opens a slide with additional information, as described below.
View All Issues: equivalent to clicking on the name of the project. It goes to the All Risks section to access all the issues found in the project.
View Dependency Graph: if the user has the inventory license, the system shows a graphical representation of the project with all its assets, their security posture and the relationships among them.
Download SBOM: download the SBOM file in the selected format
Configure Project Settings: Only available for Root and Project Manager users. It opens the slide for configuration of the project without need of going to the settings section.
Go to Repository: if the repository was detected, it opens a new window showing the project's repository in the corresponding SCM.
When the customer clicks on the row or selects the View Details option, a slide with several sections opens:
The Actions button in the top right area offers the same actions as the menu of each row described above.
The summary view of the project shows meta information about the project: dates, size and location. The second section shows information about the team and the most active users. Finally, some statistics about the languages contained in the project are also available.
Important: if the project contains malware, a red notice is shown at the top. The detail of the sections containing malware is available in the Findings section.
Second section of the slide of information shows a detailed view of the issues found in each stage of the SDLC. Clicking on the name of the stage, the user will go to the specific list of issues in the corresponding product.
A special symbol (skull) appears before the name of the section, if the system detects malware there. Visiting the specific list of issues will show the malware on top of the vulnerabilities detected.
Note: malware detection requires the 'Premium' or 'Enterprise' plan.
In the section below the statistics, the user can directly see the first 5 issues of the category chosen in the selector. For each issue, the 'View Details' option opens another slide with the details of the issue, as in the corresponding risks screen.