The Repositories assets inventory provides an overview of the security issues identified by various scanners that analyze the repository's code and configuration. This includes the number and severity of issues detected in each repository.
You can remediate these issues directly from the asset inventory:
Select a repository from the inventory table.
A card is displayed with expanded repository details, including these types of issues detected during repository scans organized by tab according to category. Refer to Investigate repository assets for more details about available issue categories in repository assets.
Click on a tab including an issue.
A list of issues for the selected type is displayed.
Select an issue from the list.
A card with detailed issue information, including remediation options, is displayed.
Remediate the issue:
For Secrets exposure, refer to Navigate to secrets issues
For IaC misconfiguration, refer to Navigate to IaC misconfiguration issues
SCA vulnerabilities:
For CVE vulnerabilities, refer to Software Composition Analysis (SCA) vulnerability issues
For package operational risks, refer to Package integrity issues
For package integrity (license miscompliance), refer to License miscompliance issues
For SAST CWE weaknesses, refer to SAST code weaknesses (CWEs)
Note
You can also find the repository issues in the general issue inventory table, and in the dedicated inventory of issues for each scanner type (see step 4 above for details).