# Governance User Interface Guide

### Security Posture

The **Security Posture** tab reflects the cumulative severity of findings from all integrated scanners. Within the Security Posture tab you can find the following details:

**Risk Score**

* A simplified risk indicator (color-coded).
* Reflects the cumulative severity of findings from all integrated scanners (SAST, SCA, Secrets, etc.).

**Risk Sources Breakdown**

A stacked bar showing the proportion of risk types found in the repository:

* **SAST** (e.g., insecure code patterns)
* **CI/CD** (pipeline misconfigurations)
* **SCA** (vulnerable open-source packages)
* **Secrets** (hardcoded keys/tokens)
* **IaC** (misconfigured infrastructure-as-code)
* **Malware** (malicious packages or files)
* **Anomalous Activity** (behavior-based risk)

Each segment reflects the volume of findings per category.

**Issues Panel**

* **Current Detected Issues**:
  * 🟥 Critical
  * 🟧 Medium
  * 🟨 Low
* **Trend Graph**: Shows issue growth over time.
* **SCM Insights**:
  * Commits analyzed from GitHub.
  * Code-level issues broken down by severity.
* **Package Manager**:
  * Packages scanned — Security issues detected.
* **CI/CD**:
  * Pipelines and plugins detected/configured — no issues.
* **AppSec Policy**:
  * Security policies that have not been enforced or are misconfigured.
* **Deployment/Provisioning**:
  * IaC misconfigurations such as Kubernetes resources analyzed.

### Compliance Coverage

* **Standard:** **CIS SSC Security Guide**
* **Failed Checks**:
  * Examples: No protected branches, missing secure build tasks.
* **Passed Checks**:
  * Examples: Dependency pinning, approved build tools.

This helps gauge readiness for supply chain audits or regulatory compliance.

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FtrmO5nkaul6NanQT549U%2Fimage.png?alt=media&#x26;token=241c9de8-22a6-46fe-bb58-93a1f2a9b02d" alt=""><figcaption></figcaption></figure>

### Trends

The **Trends** tab displays statistics about your project's vulnerabilities over a specified time period. The details shown in the Trends tab include:

* **New vs Resolved Issues** (color-coded):
  * New Issues Detected
  * Resolved Issues
* **Exposure Window** & **Time to Resolve**:
  * Marked as “Not Applicable” — likely due to a lack of remediation events.
* **Impact of Anomalous Activities**:
  * Visual markers for:
    * Critical file changes
    * Suspicious events

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2F0oWa8jBWTzLdZEHPzxk9%2Fimage.png?alt=media&#x26;token=aa9aa03b-05ef-4da6-9fb9-105577eb3bea" alt=""><figcaption></figcaption></figure>
