Inventory Collaborators Scan

In addition to the inventory command, an analysis of administrative users, contributors and collaborators related to the repository can be included.

Collaborators analysis will help to identify inactive and overprivileged users, and trace risks introduced by those users.

Collaborators analysis

Collaborators analysis registers the groups and users that meet the following criteria:

  • all SCM user accounts that have read, write, or manage permissions on the repository, either through a directly assigned permission or inherited from a group with permissions on the repository.

  • all SCM groups that include any of the above users.

  • all git users not related to an SCM account but who have commits in the git history (on any branch).

By default only user activity for the last 12 months will be considered.

The Collaborators analysis tab can be found on the SDLC Inventory page (see Inventory Collaborators).
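
The three criteria and the 12-month window above can be reproduced by hand to cross-check a report. The following is an added example, not Xygeni's implementation: the input shapes, the sample accounts and the rule that write or manage access without recent commits deserves a privilege review are all assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=365)  # the page's default: last 12 months of activity
RANK = {"read": 1, "write": 2, "manage": 3}

def analyze(direct, group_perms, members, email_to_user, commits, now):
    """direct: {user: perm}; group_perms: {group: perm}; members: {group: {users}};
    email_to_user: {commit email: SCM user}; commits: [(email, datetime)], all branches."""
    # Criterion 1: users with a direct permission or one inherited from a group.
    users = {u: (p, "direct") for u, p in direct.items()}
    for group, perm in group_perms.items():
        for u in members.get(group, ()):
            if u not in users or RANK[perm] > RANK[users[u][0]]:
                users[u] = (perm, group)  # keep the highest effective permission
    # Criterion 2: every group that includes any of those users.
    groups = sorted(g for g, m in members.items() if m & users.keys())
    # Criterion 3 plus the activity window: recent commit authors.
    cutoff, active, git_only = now - WINDOW, set(), set()
    for email, when in commits:
        if when < cutoff:
            continue  # assumption: activity older than the window is ignored
        user = email_to_user.get(email)
        if user is None:
            git_only.add(email)  # commits, but no SCM account
        elif user in users:
            active.add(user)
    inactive = sorted(set(users) - active)
    # Assumption: write/manage with no recent commits is worth a privilege review.
    review = [u for u in inactive if RANK[users[u][0]] >= RANK["write"]]
    return {"users": users, "groups": groups, "git_only": sorted(git_only),
            "inactive": inactive, "review": review}

# Constructed sample data, not real accounts.
NOW = datetime(2024, 6, 1)
REPORT = analyze(
    direct={"alice": "manage", "bob": "read"},
    group_perms={"devs": "write"},
    members={"devs": {"bob", "carol"}, "auditors": {"alice"}, "sales": {"dave"}},
    email_to_user={"alice@example.com": "alice", "carol@example.com": "carol"},
    commits=[("alice@example.com", datetime(2024, 5, 1)),
             ("carol@example.com", datetime(2022, 1, 10)),
             ("ext@contractor.example", datetime(2024, 3, 3))],
    now=NOW,
)

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(key, value)
```

In the sample, bob holds only a direct read permission but inherits write from the devs group, which is the kind of effective privilege a per-user permission listing alone would miss.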

How to run Collaborators analysis

Example:

xygeni inventory --dir DIR --format json --output INVENTORY.json --include-collaborators
