Projects Screen

The Projects Screen is the first page you see when you login to

This screen enables users to:

• Review your organization's total projects count and their associated issues.

• View the list of projects scanned in the organizacion. The projects are ordered by last scan although the user can order them by other criteria clicking in the columns header of the table. For each project, user can see the branch configured as default in Xygeni.

• View the Security Posture for each project and a summary of issues by severity. Projects containing any type of malware are remarked with a special symbol (skull)

• Access to most usual actions related to projects with one click.

In this screen the Project Selector does not apply. The screen always shows all projects. The screen is shown and described in detail below:

Statistics

This section shows the number of projects scanned in the organization. Projects is a sum both of repositories and images scanned.

The following box shows a summary of total issues by severity in these projects. In the slide of detail of each project the user can check the stage of the SDLC in which Xygeni located potential malware and go to that section directly.

Filtering the list of projects

The user can customize the list of projects shown in the table applying filters:

• Alert: Filter by different types of alerts associated to the project as for example, containing malware. Only projects with that alert associated will be in the table below

• Project Type: to select projects of type ´Repository´ or ´Image Container´

• Name pattern: The table shows only projects with the string in the name

• Branch pattern: As the previous value, table only shows projects with the default branch containing the string in the filter

• Risk Level: Table consider only projects in the risk levels selected. Below you have more details about the Risk Score calculation and values.

• Tags: to show only projects with tags containing the string provided in this filter.

When any filter criteria is selected, the option ´Clear All´ over the filter boxes changes to red to indicate that a filter is active. Clicking on that option will reset all filters to the default settings.

Risk Score and Risk Level

The Risk Score (or Risk Level, RL for short) is a quantitative metric that assesses the current exposure to software supply chain attacks. It evaluates the security posture of the DevOps system based on scans conducted by the Xygeni platform.

The Risk Level is quantified on a scale from 0 to 100, with 100 indicating the highest level of risk. This measure is determined by the issues identified within a project. If no issues are detected, the Risk Level is rated as 0.

The RL is qualified in three categories that make more evident how good or bad is the risk for the organization. Each category is encoded with a color following the "semaphore" scheme:

• Low: RL between 0 and 33, green color.

• Moderate: RL between 33 and 66, yellow color.

• High: RL between 66 and 100, blood-red color.

Projects Table

Several details are shown in the projects table:

• Last scan date: The date of the latest scan for each project.

• Number of projects from the total items complying with the criteria of the filter.

• Bulk actions button: Only enabled once one or more projects are selected by clicking on their checkbox. Based on the projects selected, it will enable applicable operations.

You can interact with the rows in different ways:

• Clicking on a white space of the row, a slide with details about the project will open.

• Clicking on the 'scan now' button will launch an on-demand scan of the project.

At the end of each row, there is an icon with 3 dots that deploy a contextual menú for one-click access to different options.

Below you can find a quick description of the available actions:

• Scan Now: Launch an on-demand scan if the project is integrated in the managed scan system.

• View Details: Opens a slide with additional information.

• View Dependency Graph: If the user has the inventory license, the system shows the graphical representation of the project representing all assets with their security posture and the relationship among them.

• Download SBOM: Download the SBOM file in the selected format.

• Configure Project Settings: Only available for Root and Project Manager users. It opens the slide for configuration.

• Go to Repository: If detected, a new window opens to the project's repository in the corresponding Source Code Managemente system.

The Project Details (Slide)

Upon selecting the project's row or choosing the option to view details, a panel opens displaying multiple sections:

The Actions button on the top right area shows the same actions that the menu in each row described above.

Summary

The summary view of a project shows meta information related to the project date, size and location. The second section shows information about the team and the most active users. Some statistics from the languages contained in the project are also available.

Findings

Second section of the slide shows a detailed view of the issues found in each stage of the SDLC. Clicking on the name of the stage, the user will go to the specific list of issues in the corresponding product.

A special symbol (skull in this case) appears before the name of the section, if the system detects malware. Visiting the specific list of issues will show the malware as well as other vulnerabilities detected.

In the section below the statistics, you can directly see the first 5 issues of the category selected in the selector. For each issue, selecting the ´View Details´ option displays a panel with detailed information similar to that on the specific risks screen.