Repository
The Repository Analyzer provides comprehensive visibility into source code repositories, their dependencies, vulnerabilities, and compliance status. It helps teams effectively manage repository health, security posture, and compliance requirements across the software development lifecycle.
Required Blueprints: GitHub, Azure DevOps, Azure, AWS, Bitbucket, Checkmarx

Sightlines
| Sightline | Description |
|---|---|
| Organization Info | Insights into GitHub organization structure and metrics. |
| Git Access & Governance Posture | Repository visibility, access controls, and organizational governance policies. |
| Git Secure Development Posture | Security practices in development workflows and code repositories. |

Explorer Node Types
Use these node types in Explorer or KAI to query resources surfaced by this analyzer:
github.repository.Repository, github.organization.Organization, github.organization.User, azuredevops.project.Repository, bitbucket.repository.Repository
Related Analyzers
- Code — SAST findings and vulnerabilities in repositories
- Software Composition Analysis — Package dependencies and SBOM analysis
- Secrets and PII — Secrets and credentials detected in code
- IaC — Terraform and CloudFormation files in repositories
- Engineering Operations — CI/CD pipeline configurations
Insight Feed Alerts
| Alert | Description |
|---|---|
| Count of Vulnerable Repositories | Highlights repositories with vulnerabilities. |
| Count of Vulnerable Packages in Repositories | Provides visibility into package vulnerabilities across repositories. |
| Repository Critical Vulnerability | Highlights critical vulnerabilities in open-source software, supporting immediate prioritization and remediation. |
| Repository High Vulnerability | Highlights high-severity vulnerabilities in open-source software, aiding in structured response planning. |
| Repository Medium Vulnerability | Highlights medium-severity vulnerabilities in open-source software, aiding in structured response planning. |
| Repository Low Vulnerability | Highlights low-severity vulnerabilities in open-source software, aiding in structured response planning. |
| High Risk Repository | Identifies repositories with critical security concerns. |
| Secrets Discovered in Code | Identifies repositories containing exposed secrets, enabling swift action to secure sensitive information. |
| PIIs Discovered in Code | Identifies repositories containing exposed Personally Identifiable Information (PII), enabling organizations to address privacy risks and ensure compliance. |