Governance User Interface Guide
Security Posture
The Security Posture tab summarizes the findings of all integrated scanners for a repository. Within the Security Posture tab you can find the following details:
Risk Score
A simplified, color-coded risk indicator.
Reflects the cumulative severity of findings from all integrated scanners (SAST, SCA, Secrets, etc.), not just their count.
Risk Sources Breakdown
A stacked bar showing the proportion of risk types found in the repository:
SAST (e.g., insecure code patterns)
CI/CD (pipeline misconfigurations)
SCA (vulnerable open-source packages)
Secrets (hardcoded keys/tokens)
IaC (misconfigured infrastructure-as-code)
Malware (malicious packages or files)
Anomalous Activity (behavior-based risk)
The width of each segment reflects the number of findings in that category.
Issues Panel
Currently detected issues, grouped by severity:
🟥 Critical
🟧 Medium
🟨 Low
Trend Graph: shows how the number of open issues changes over time.
SCM Insights:
Number of commits analyzed from GitHub.
Code-level issues found in those commits, broken down by severity.
Package Manager:
Number of packages scanned and the number of security issues detected among them.
CI/CD:
Pipelines and plugins detected or configured, and the number of issues found in them (none in the example shown).
AppSec Policy:
Security policies that are not enforced or are misconfigured.
Deployment/Provisioning:
IaC resources analyzed (for example, Kubernetes manifests) and the misconfigurations found in them.
Compliance Coverage
Standard: CIS Software Supply Chain (SSC) Security Guide
Failed Checks:
Examples: No protected branches, missing secure build tasks.
Passed Checks:
Examples: Dependency pinning, approved build tools.
The pass/fail split helps gauge readiness for a supply chain audit or a regulatory compliance review.
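To make the "dependency pinning" check concrete, the following GitHub Actions fragment is an added illustration (constructed for this guide; it is not a screenshot, check definition or rule from the product). It shows the unpinned form, where a mutable tag can later be moved to different code, beside the pinned form, where the action is referenced by an immutable commit SHA. The workflow name, job and the all-zero SHA are placeholders; replace the SHA with the real commit of the release you reviewed.

```yaml
# Constructed example, not from the product or the original page.
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Weak: a tag reference. Tags are mutable, so the code that runs here
      # can change without any change to this file. A dependency-pinning
      # check would flag this step.
      - uses: actions/checkout@v4

      # Hardened: a full 40-character commit SHA. The SHA is immutable, so
      # the exact code that runs is fixed in this file. The tag is kept in a
      # trailing comment only for readability; tooling reads the SHA.
      # (0000...0000 is a placeholder, not a real commit.)
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4
```

The same principle applies to other fetched dependencies in a build (container base images referenced by digest, lockfiles for package managers): a human-readable version is fine as a comment, but the reference the build actually resolves should be content-addressed.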

Trends
The Trends tab displays statistics about your project's vulnerabilities over a selected time period. The details shown in the Trends tab include:
New vs Resolved Issues (color-coded):
New Issues Detected
Resolved Issues
Exposure Window & Time to Resolve:
Displayed as “Not Applicable” when there are no remediation events in the selected period to compute them from.
Impact of Anomalous Activities:
Visual markers for:
Critical file changes
Suspicious events
