Governance User Interface Guide

Security Posture

The Security Posture tab summarizes the findings of all integrated scanners for a repository. Within the Security Posture tab you can find the following details:

Risk Score

  • A simplified risk indicator (color-coded).

  • Reflects the cumulative severity of findings from all integrated scanners (SAST, SCA, Secrets, etc.).

Risk Sources Breakdown

A stacked bar showing the proportion of risk types found in the repository:

  • SAST (e.g., insecure code patterns)

  • CI/CD (pipeline misconfigurations)

  • SCA (vulnerable open-source packages)

  • Secrets (hardcoded keys/tokens)

  • IaC (misconfigured infrastructure-as-code)

  • Malware (malicious packages or files)

  • Anomalous Activity (behavior-based risk)

Each segment reflects the volume of findings per category.

Issues Panel

  • Current Detected Issues:

    • 🟥 Critical

    • 🟧 Medium

    • 🟨 Low

  • Trend Graph: Shows issue growth over time.

  • SCM Insights:

    • Commits analyzed from GitHub.

    • Code-level issues broken down by severity.

  • Package Manager:

    • Number of packages scanned and the security issues detected in them.

  • CI/CD:

    • Pipelines and plugins detected or configured, with the count of issues found in them (none in the view shown).

  • AppSec Policy:

    • Security policies that have not been enforced or are misconfigured.

  • Deployment/Provisioning:

    • IaC misconfigurations, such as those found in the Kubernetes resources analyzed.

Compliance Coverage

  • Standard: CIS SSC (Software Supply Chain) Security Guide

  • Failed Checks:

    • Examples: No protected branches, missing secure build tasks.

  • Passed Checks:

    • Examples: Dependency pinning, approved build tools.

This helps gauge readiness for supply chain audits or regulatory compliance.
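Two of the checks listed above, protected branches and dependency pinning, as an added example of how such a check can be implemented; this is not the platform's own check code. It evaluates a constructed subset of GitHub's branch-protection API response and two constructed GitHub Actions workflow files; the repository paths and the 40-character SHA are placeholders.

```python
"""CIS SSC-style repository checks, added as an illustration (not the
product's own implementation). Models two checks named on the page:
protected branches and dependency pinning of CI actions."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class CheckResult:
    check: str
    passed: bool
    detail: str


# Constructed sample: the subset of GitHub's branch-protection API response
# (GET /repos/{owner}/{repo}/branches/{branch}/protection) that the check reads.
PROTECTION_OK = {
    "required_pull_request_reviews": {"required_approving_review_count": 1},
    "required_status_checks": {"strict": True, "contexts": ["build"]},
    "enforce_admins": {"enabled": True},
}

# Constructed workflows; the 40-hex SHA is a placeholder, not a real commit.
WORKFLOW_UNPINNED = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@main
      - uses: ./.github/actions/local-step
      - run: pip install -r requirements.txt
"""

WORKFLOW_PINNED = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4
      - uses: ./.github/actions/local-step
      - run: pip install -r requirements.txt
"""

_USES = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
_SHA40 = re.compile(r"[0-9a-f]{40}")


def check_protected_branch(protection: Optional[dict]) -> CheckResult:
    """Fail when the default branch has no protection rule, or the rule
    requires neither PR approvals nor status checks."""
    if protection is None:
        return CheckResult("protected_branches", False,
                           "no protection rule on the default branch")
    reviews = (protection.get("required_pull_request_reviews") or {}) \
        .get("required_approving_review_count", 0)
    contexts = (protection.get("required_status_checks") or {}).get("contexts", [])
    problems = []
    if reviews < 1:
        problems.append("no required PR approvals")
    if not contexts:
        problems.append("no required status checks")
    return CheckResult("protected_branches", not problems,
                       "; ".join(problems) or "approvals and status checks required")


def unpinned_actions(workflow_yaml: str) -> List[str]:
    """Return `uses:` references to remote actions not pinned to a full commit
    SHA. Mutable tags (@v4) and branches (@main) can be moved by the action's
    maintainers or by whoever compromises them; local actions (./...) ship
    with the repository and are skipped."""
    flagged = []
    for match in _USES.finditer(workflow_yaml):
        ref = match.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, _, version = ref.rpartition("@")  # no "@" at all -> whole ref, flagged
        if not _SHA40.fullmatch(version):
            flagged.append(ref)
    return flagged


def check_dependency_pinning(workflow_yaml: str) -> CheckResult:
    flagged = unpinned_actions(workflow_yaml)
    detail = "unpinned: " + ", ".join(flagged) if flagged else "all remote actions SHA-pinned"
    return CheckResult("dependency_pinning", not flagged, detail)


if __name__ == "__main__":
    for result in (check_protected_branch(None),
                   check_protected_branch(PROTECTION_OK),
                   check_dependency_pinning(WORKFLOW_UNPINNED),
                   check_dependency_pinning(WORKFLOW_PINNED)):
        print(f"[{'PASS' if result.passed else 'FAIL'}] {result.check}: {result.detail}")
```

Running the script prints one PASS/FAIL line per check. The pinning check deliberately treats a version tag as a failure even though tags look immutable: a tag is a movable pointer, so only a full commit SHA guarantees the build runs the code that was reviewed.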

Trends

The Trends tab displays statistics about your project's vulnerabilities over a specified time period. The details shown in the Trends tab include:

  • New vs Resolved Issues (color-coded):

    • New Issues Detected

    • Resolved Issues

  • Exposure Window & Time to Resolve:

    • Shown as “Not Applicable” when there are no remediation events yet to compute them from.

  • Impact of Anomalous Activities:

    • Visual markers for:

      • Critical file changes

      • Suspicious events
