Xygeni User Guides

Projects Screen


Last updated 1 month ago

The Projects Screen is the first page you see when you log in to https://in.xygeni.io/auth/login.

This screen enables users to:

  • Review your organization's total project count and the associated issues.

  • View the list of projects scanned in the organization. Projects are ordered by last scan, although you can sort them by other criteria by clicking the column headers of the table. For each project, you can see the branch configured as default in Xygeni.

  • View the Security Posture for each project and a summary of issues by severity. Projects containing any type of malware are marked with a special symbol (skull).

  • Access the most common project-related actions with one click.

In this screen the Project Selector does not apply. The screen always shows all projects. The screen is shown and described in detail below:

Statistics

This section shows the number of projects scanned in the organization. The project count is the sum of the repositories and images scanned.

The following box shows a summary of total issues by severity in these projects. In the details slide of each project, the user can check the stage of the SDLC in which Xygeni located potential malware and go to that section directly.

Filtering the list of projects

The user can customize the list of projects shown in the table by applying filters:

  • Alert: Filters by the types of alerts associated with the project, for example, containing malware. Only projects with that alert will appear in the table below.

  • Project Type: Selects projects of type 'Repository' or 'Image Container'.

  • Name pattern: The table shows only projects whose name contains the string.

  • Branch pattern: As with the previous filter, the table shows only projects whose default branch contains the string in the filter.

  • Risk Level: The table shows only projects in the selected risk levels. More details about the Risk Score calculation and values are given below.

  • Tags: Shows only projects with tags containing the string provided in this filter.

When any filter criterion is selected, the 'Clear All' option above the filter boxes turns red to indicate that a filter is active. Clicking on that option resets all filters to their default settings.

Risk Score and Risk Level

The Risk Score (or Risk Level, RL for short) is a quantitative metric that assesses the current exposure to software supply chain attacks. It evaluates the security posture of the DevOps system based on scans conducted by the Xygeni platform.

The Risk Level is quantified on a scale from 0 to 100, with 100 indicating the highest level of risk. This measure is determined by the issues identified within a project. If no issues are detected, the Risk Level is rated as 0.

The RL is classified into three categories that make it more evident how good or bad the risk is for the organization. Each category is color-coded following the "semaphore" scheme:

  • Low: RL between 0 and 33, green color.

  • Moderate: RL between 33 and 66, yellow color.

  • High: RL between 66 and 100, blood-red color.

Projects Table

Several details are shown in the projects table:

  • Last scan date: The date of the latest scan for each project.

  • Number of projects, out of the total items, that match the filter criteria.

  • Bulk actions button: Only enabled once one or more projects are selected by clicking on their checkbox. Based on the projects selected, it will enable applicable operations.

You can interact with the rows in different ways:

  • Clicking on an empty area of a row opens a slide with details about the project.

  • Clicking on the 'scan now' button will launch an on-demand scan of the project.

Note: If the project has been scanned using the CLI and it is not integrated with the managed scans system, this option will not be available and the button will be disabled.

At the end of each row, there is an icon with three dots that opens a contextual menu for one-click access to different options.

Below you can find a quick description of the available actions:

  • Scan Now: Launch an on-demand scan if the project is integrated in the managed scan system.

  • View Details: Opens a slide with additional information.

  • View Dependency Graph: If the user has the inventory license, the system shows a graphical representation of the project, with all assets, their security posture, and the relationships among them.

  • Download SBOM: Download the SBOM file in the selected format.

  • Configure Project Settings: Only available for Root and Project Manager users. It opens the slide for configuration.

  • Go to Repository: If detected, a new window opens to the project's repository in the corresponding Source Code Management system.

The Project Details (Slide)

Upon selecting the project's row or choosing the option to view details, a panel opens displaying multiple sections:

The Actions button in the top right area shows the same actions as the per-row menu described above.

Summary

The summary view of a project shows meta information related to the project date, size and location. The second section shows information about the team and the most active users. Some statistics about the languages contained in the project are also available.

Important: If the project contains malware, a red notice will be shown on top. Detailed sections containing malware are available in the Findings section.

Findings

The second section of the slide shows a detailed view of the issues found in each stage of the SDLC. Clicking on the name of a stage takes the user to the specific list of issues in the corresponding product.

If the system detects malware, a special symbol (skull in this case) appears before the name of the section. Visiting the specific list of issues will show the malware as well as other vulnerabilities detected.

Malware detection requires a 'Premium' or 'Enterprise' plan.

In the section below the statistics, you can directly see the first 5 issues of the category selected in the selector. For each issue, selecting the 'View Details' option displays a panel with detailed information similar to that on the specific risks screen.

Finally, there is quick access to the section, so the customer can configure integration with their SCM and launch the first scan of a project from there. Once the project is scanned and in the platform, the configuration of the project and the management of scans can be done from this screen.

In the , the Risk Level is displayed alongside its variation in relation to the current baseline of projects.

See for further information and details.

Clicking on the name of the project goes to the section to review the project's associated risk.

View All Issues: Goes to the section.
