Prerequisites
Before viewing and managing repository assets, verify the following:
Prerequisite | Description |
|---|---|
License | An active Cortex Cloud license with Application Security entitlements |
RBAC role | The AppSec Admin or SOC Analyst role, or an equivalent custom role with asset inventory and issue management permissions |
VCS integration | At least one Version Control System (GitHub, GitLab, Bitbucket, Azure DevOps) integrated and active |
Repository onboarding | At least one repository onboarded through the VCS integration and visible in the asset inventory |
How to access repository assets
To access repository assets, under Inventory, select → → .
The Repositories assets page includes a dashboard and an inventory.
Repository dashboard
The dashboard includes two widgets:
Providers: Displays connected version control providers (such as GitHub and GitLab) and the number of repositories found in each provider
Privacy State: Shows the distribution between public and private repositories and the amount of repositories in each category
Selecting an item in either widget filters the table accordingly.
Repository asset inventory
The following table describes the default exposed properties of the Repository asset table. Select Menu Settings to view additional properties.
Property | Description |
|---|---|
Repository Name | The name of the repository in the version control system (VCS). |
Provider |
|
Repository Organization | The organizational structure (such as project, team, platform) that contains and manages the repository |
Repository labels | Labels associated with the repository |
Business Application Names | The name of the business application to which the repository is associated, indicating it is part of the application assets |
First observed | The date the repository was initially detected in a scan |
Observation time | The date the repository was last updated |
Scanned Branches | The branch of the repository that is scanned (default: |
Is repository archived | Whether a repository is no longer actively maintained or developed (boolean) |
Filter and prioritize repositories
The Repositories page displays a table of all repositories. Use the search bar to find repositories by name, or apply filters to narrow results based on operational and security metadata.
High-priority filtering workflows
To effectively reduce the organization risk surface, apply the following filter combinations to prioritize remediation efforts:
Target critical assets: Filter by Business Application Names to isolate repositories tied to essential services and prioritize their vulnerabilities for remediation
Identify public exposure risks: Filter by Repository visibility configuration: Public to identify proprietary repositories inadvertently set to public in the VCS provider
Find active repositories missing scanner coverage: Filter by Is repository archived: No and sort the table by the Last Scan Date column to highlight actively maintained repositories that have never been scanned
Filter out noise from stale code: Filter by Is repository archived: Yes or sort by the oldest Last Commit Date to isolate abandoned or read-only codebases
Scope by business unit or environment: Use the repository tag metadata filter to isolate the inventory for specific engineering teams or deployment environments