# Application Security Posture Management (ASPM)

<div align="left"><figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FPjNrTXVqtK1JyFaGyDFq%2Fimage.png?alt=media&#x26;token=0dce09cc-6d00-4ccd-8a48-68d9b6ffff00" alt=""><figcaption></figcaption></figure></div>

Xygeni’s **Application Security Posture Management** (**ASPM**) tool enhances how your teams visualize, prioritize, and remediate risks. The **Xygeni platform** delivers **real-time visibility** and **contextualization** that simplifies security, ensuring your applications are protected from development through deployment.

{% hint style="info" %}
For a full description of ASPM in the Xygeni UI, please go to [Xygeni ASPM Web UI](https://docs.xygeni.io/xygeni-products/application-security-posture-management-aspm/aspm-user-interface-guide).
{% endhint %}

### Automated Asset Discovery and Inventory Management

Xygeni provides automated solutions for comprehensively identifying and cataloging assets within your software supply chain, enhancing visibility and control over your development and deployment processes.

From source control management (**SCM**) systems to **build tools**, **CI/CD workflows**, and **distribution mechanisms**, Xygeni captures a detailed [**inventory**](https://docs.xygeni.io/xygeni-products/application-security-posture-management-aspm/inventory) of **assets**, including code repositories, open-source and private dependencies, package managers, pipelines and jobs, scripts and build files, plugins and tools, Infrastructure as Code (IaC) templates, and cloud resources.

Furthermore, Xygeni automatically **identifies** and continuously **monitors** these **assets**, assessing **their interdependencies** as well as the individual and **overall security posture** of each asset, application, and customer-defined group or category.

{% hint style="info" %}
Visit the [Inventory](https://docs.xygeni.io/xygeni-products/application-security-posture-management-aspm/inventory) documentation page for further details
{% endhint %}

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FdIwEDQ8OHUGpibyWtv8r%2FScreenshot%202025-04-09%20121330.png?alt=media&#x26;token=f01d1e2c-bd34-468e-bc3d-0d2172fba71d" alt=""><figcaption><p>Detailed view of the dependency graph of a real project.</p></figcaption></figure>

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FjFUQqnKfTmgrxjshaDim%2Fimage.png?alt=media&#x26;token=db0056a9-a9c8-469a-b6b3-b1be8304d6c2" alt=""><figcaption></figcaption></figure>

### Users and Contributors Analysis

Xygeni enhances its Inventory capabilities by integrating a comprehensive [Collaborator Analysis](https://docs.xygeni.io/xygeni-products/health-check#collaborators) feature.

This analysis is essential for the effective management of administrative users, contributors, and collaborators associated with software repositories. By monitoring user activity and evaluating each user's role, organizations can verify that best practices are followed and resolve access issues as soon as possible.

Xygeni also helps organizations implement a *least privilege* strategy by identifying risks associated with inactive or overprivileged users.

Some key features are:

1. [Comprehensive Permissions Review](https://docs.xygeni.io/xygeni-products/health-check#collaborators): Xygeni scans for all SCM (Source Control Management) user accounts that have read, write, or manage permissions on repositories. This includes permissions assigned directly to users or inherited from groups with access to the repositories.
2. [Group and User Tracking](https://docs.xygeni.io/xygeni-products/application-security-posture-management-aspm/inventory/collaborators): The system registers all SCM groups, including any users with significant permissions, ensuring that all potential access points are monitored and controlled.
3. [Non-SCM Contributors](https://docs.xygeni.io/xygeni-products/application-security-posture-management-aspm/inventory/collaborators): Xygeni also identifies git users who are not linked to an SCM account but have made commits to the git history. Xygeni tracks contributions across all branches, providing a complete picture of every user that has modified the codebase.
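As an added illustration of the cross-check the list above describes (this is not Xygeni's code), the following Python script matches authors from a constructed `git log --all` sample against a constructed SCM collaborator export and flags unlinked committers, privileged accounts that have gone quiet, and manage-level accounts that never commit. The permission levels, sample e-mails and the 90-day inactivity window are assumptions.

```python
from __future__ import annotations
from datetime import date, timedelta

# Constructed `git log --all --format='%h|%ae|%cs'` output (hash|author e-mail|date); not Xygeni data.
GIT_LOG = """\
a1b2c3|alice@example.com|2025-04-01
d4e5f6|bob@example.com|2024-10-20
0a1b2c|ci-bot@example.com|2025-04-05
3c4d5e|mallory@personal.invalid|2024-11-12
"""

# Constructed SCM collaborator export: e-mail -> (effective permission, last SCM activity).
# Group-inherited rights are assumed to be flattened into the effective permission already.
SCM_ACCOUNTS = {
    "alice@example.com": ("write", date(2025, 4, 1)),
    "bob@example.com": ("manage", date(2024, 9, 1)),
    "carol@example.com": ("manage", date(2025, 3, 30)),
    "dave@example.com": ("read", date(2025, 3, 1)),
}
TODAY = date(2025, 4, 10)  # fixed "now" so the sample run is reproducible


def parse_git_log(text: str) -> dict[str, date]:
    """Most recent commit date per author e-mail, across every branch in the log."""
    latest: dict[str, date] = {}
    for line in text.splitlines():
        _sha, email, day = line.split("|")
        when = date.fromisoformat(day)
        if email not in latest or when > latest[email]:
            latest[email] = when
    return latest


def review_collaborators(git_log: str, accounts: dict, today: date,
                         inactive_days: int = 90) -> dict[str, list[str]]:
    """Flag committers with no SCM account, quiet privileged accounts, and managers who never commit."""
    last_commit = parse_git_log(git_log)
    cutoff = today - timedelta(days=inactive_days)
    findings = {"unlinked_committers": [], "inactive_privileged": [], "manage_without_commits": []}
    for email in sorted(last_commit):
        if email not in accounts:
            findings["unlinked_committers"].append(email)
    for email, (perm, last_seen) in sorted(accounts.items()):
        if perm == "read":
            continue  # read-only accounts carry little write-side risk
        active = max(last_seen, last_commit.get(email, last_seen))
        if active < cutoff:
            findings["inactive_privileged"].append(email)
        if perm == "manage" and email not in last_commit:
            findings["manage_without_commits"].append(email)
    return findings
```

Each finding maps to one of the least-privilege actions the section describes: link or remove the unlinked author, revoke the dormant account's rights, or confirm that the manager role is still needed.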

{% hint style="info" %}
Visit these pages for further info:

* [Inventory Collaborators](https://docs.xygeni.io/xygeni-products/application-security-posture-management-aspm/inventory/collaborators).
* [Health Check Collaborators](https://docs.xygeni.io/xygeni-products/health-check#collaborators).
{% endhint %}

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FiwLJ5H8HsDbYoO4dyZoj%2Fimage.png?alt=media&#x26;token=896c07df-e5a3-4bd4-b187-53ea75857f2d" alt=""><figcaption></figcaption></figure>

### Advanced Dynamic Prioritization

Xygeni's [dynamic funnels](https://docs.xygeni.io/introduction-to-xygeni/prioritization-funnels) provide extensive customization and precise filtering options.

Customers can define up to eight stages in their prioritization funnel, tailored by severity, issue type and category. This flexibility ensures that each organization can focus on the vulnerabilities that pose the highest risk according to their specific security policies and operational needs.

The funnel system supports the integration of customer-defined properties alongside pre-configured stages such as reachability or exploitability, among others. This allows organizations to further refine their security focus and manage vulnerabilities more effectively.
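The funnel mechanics described above, as an added Python sketch that is not Xygeni's implementation: a funnel is an ordered list of at most eight stage filters applied in turn, here mixing severity and issue-type stages, the pre-configured reachability and exploitability stages, and one customer-defined property. The field names, the sample findings and the `tier` property are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable

MAX_STAGES = 8  # the page states a funnel can have up to eight stages


@dataclass
class Finding:
    id: str
    severity: str            # critical / high / medium / low
    issue_type: str          # e.g. vulnerability, secret, misconfiguration (assumed names)
    category: str            # e.g. sca, sast, iac (assumed names)
    reachable: bool = False  # inputs for the pre-configured stages named on the page
    exploitable: bool = False
    properties: dict = field(default_factory=dict)  # customer-defined properties


def build_funnel(stages: list[tuple[str, Callable[[Finding], bool]]]):
    """Validate a funnel definition: an ordered list of (stage name, keep-predicate)."""
    if len(stages) > MAX_STAGES:
        raise ValueError(f"a funnel supports at most {MAX_STAGES} stages, got {len(stages)}")
    return list(stages)


def run_funnel(findings: list[Finding], stages) -> tuple[dict[str, int], list[Finding]]:
    """Apply each stage in order; return survivor counts per stage and the final prioritized set."""
    remaining = list(findings)
    counts = {"all": len(remaining)}
    for name, keep in stages:
        remaining = [f for f in remaining if keep(f)]
        counts[name] = len(remaining)
    return counts, remaining


# Constructed sample findings (not Xygeni data); "tier" is an assumed customer-defined property.
SAMPLE = [
    Finding("F1", "critical", "vulnerability", "sca", True, True, {"tier": "prod"}),
    Finding("F2", "high", "vulnerability", "sca", False, True, {"tier": "prod"}),
    Finding("F3", "critical", "vulnerability", "sast", True, False, {"tier": "dev"}),
    Finding("F4", "low", "misconfiguration", "iac", properties={"tier": "prod"}),
    Finding("F5", "high", "vulnerability", "sca", True, True, {"tier": "dev"}),
]

# Five of the eight possible stages: severity, issue type, two pre-configured filters, one custom.
FUNNEL = build_funnel([
    ("severity>=high", lambda f: f.severity in ("critical", "high")),
    ("type=vulnerability", lambda f: f.issue_type == "vulnerability"),
    ("reachable", lambda f: f.reachable),
    ("exploitable", lambda f: f.exploitable),
    ("tier=prod", lambda f: f.properties.get("tier") == "prod"),
])
```

The per-stage counts are what a funnel view displays: how many findings survive each narrowing step, ending with the small set that deserves immediate attention.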

{% hint style="info" %}
Visit the [Prioritization Funnels](https://docs.xygeni.io/introduction-to-xygeni/prioritization-funnels) page for further info.
{% endhint %}

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2F1er4PqtZzQQ7nqxhnm6d%2Fimage.png?alt=media&#x26;token=a068ee95-3e68-47d3-8db3-b3f218c7a770" alt=""><figcaption></figcaption></figure>

### Integration of 3rd-Party Security Reports

Xygeni’s Application Security Posture Management (ASPM) platform can also seamlessly **integrate** reports from **third-party security tools**, including Static Application Security Testing (SAST) and Software Composition Analysis (SCA) tools.

This capability enables organizations to optimize their current technology infrastructure by offering a unified perspective on security threats across various tools and platforms, ensuring that all potential vulnerabilities are identified, prioritized, and addressed efficiently.

Key benefits of this integration include:

* **Unified Security Dashboard**: Consolidates findings from various tools into a single dashboard for monitoring and analysis.
* **Enhanced Threat Detection**: Combines data from multiple sources to provide a more complete assessment of security risks.
* **Efficient Remediation**: Enables quicker and more coordinated responses to security issues by centralizing vulnerability management.

{% hint style="info" %}
Visit the [Uploading reports from 3rd party tools](https://docs.xygeni.io/xygeni-products/application-security-posture-management-aspm/importing-reports-from-3rd-party-tools) page for further information.
{% endhint %}

### Audit Trail of Security Events

Xygeni’s Application Security Posture Management platform includes a robust security audit trail feature that provides a **comprehensive timeline** of events associated with each asset.

This feature tracks and **logs all significant activities**, such as changes, updates, and security incidents, ensuring that users have a clear and detailed view of the security history for each asset within their software environment.

Some notable capabilities of our security audit trail feature are:

* **Event Log**: Every **modification**, **update**, or **security event** related to an asset is logged, creating a chronological record that can be crucial for troubleshooting, compliance audits and security investigations.
* **Comprehensive Coverage**: The audit trail captures a wide range of events, from code commits and build configurations to deployment activities and configuration modifications, ensuring that all aspects of the asset lifecycle are monitored.
* **Effortless Access and Visualization**: Users are able to efficiently access and visualize audit trails, facilitating the identification of specific events or patterns.
* **Enhanced Security and Compliance**: By maintaining a **detailed record** of all **actions** taken on each asset, organizations can strengthen their security framework and ensure adherence to regulatory standards, facilitating the verification of procedural compliance and enabling the early detection of a security breach.

{% hint style="info" %}
Visit the [Findings and Audit Trail](https://docs.xygeni.io/xygeni-products/inventory/all-assets#findings-and-audit-trail) page for further information.
{% endhint %}

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FfSkfYcfUhjeiOdFxQnmz%2Fimage.png?alt=media&#x26;token=383f9c24-573f-47c0-8d49-20857fb26cc8" alt=""><figcaption></figcaption></figure>

### Quick and Efficient Remediation Process

Xygeni’s ASPM platform optimizes the remediation process by providing detailed guidelines and automated actions for addressing each risk and vulnerability.

Integration with ticketing and tracking systems streamlines the process of updating workflows, ensuring that vulnerabilities are promptly addressed.

{% hint style="info" %}
Visit these pages for more information:

* [Remediation Actions](https://docs.xygeni.io/introduction-to-xygeni/key-concepts/remediation-actions).
* [Automatic Fix](https://docs.xygeni.io/xygeni-products/open-source-security-oss/oss-auto-remediation).
{% endhint %}
