Prerequisites
Before viewing and managing VCS organization assets, verify the following:
Prerequisite | Description |
|---|---|
License | An active Cortex Cloud license with Application Security entitlements |
RBAC role | The AppSec Admin or SOC Analyst role, or an equivalent custom role with asset inventory and issue management permissions |
VCS integration | At least one Version Control System (GitHub, GitLab, Bitbucket, Azure DevOps) integrated and active. VCS organizations are discovered through active VCS integrations |
How to access VCS organization assets
To access VCS organization assets, under Inventory, select → → .
The VCS Organizations assets page includes a dashboard and an inventory.
VCS organization dashboard
The dashboard includes the following widget:
Providers: Displays connected version control providers (such as GitHub, GitLab, Bitbucket, and Azure DevOps) and the number of organizations found in each provider
Selecting an item in the widget filters the table accordingly.
VCS organization asset inventory
The following table describes the default exposed properties of the VCS Organization asset table. Select Menu Settings to view additional properties.
Property | Description |
|---|---|
VCS Organization Name | The name of the VCS organization as discovered from the VCS integration. The Organization Name serves as the primary identifier for the VCS organization asset |
VCS Organization Provider | The VCS platform hosting the organization (GitHub, GitLab, Bitbucket, Azure DevOps), displayed with a provider icon |
First Observed | The date and time the asset was initially detected and registered into the unified asset inventory during its first scan |
Observation Time | The date and time the asset was last updated, scanned, or seen by the platform's discovery and scanning mechanisms |
VCS Organization URL | The direct web address to the organization within the Version Control System provider's platform (for example, |
Business Application Names | The name(s) of the business application(s) to which the asset is associated. For a VCS organization, these applications are inherited from the child repositories and CI/CD instances within the organization. This helps map the asset to its business context and criticality |
Filter and prioritize VCS organizations
The VCS Organizations page displays a table of all VCS organizations. Use the search bar to find specific organizations by name, or apply filters to narrow the inventory based on operational and security metadata.
High-priority filtering workflows
To effectively manage the organization-level security posture, apply the following filter combinations to prioritize remediation efforts:
Scope by VCS provider: Use the Provider filter (or dashboard widget) to isolate the inventory by provider (for example, GitHub or GitLab) to evaluate provider-specific organizational risks and enforce platform-level security standards
Identify access control risks: Filter by Is MFA needed = No to quickly identify VCS organizations that do not have Multi-Factor Authentication enforced, allowing you to prioritize securing access to these foundational organization boundaries.