Skip to main content

Overview

Use Applications to group related repositories into a product, service, or team-owned surface. Application views help you review security posture across linked repositories without changing the underlying repository records. Applications are created manually. The assets linked to an application are repository assets synced from your VCS integrations.

When to use applications

  • Group frontend, backend, worker, and mobile repositories into one product view
  • Review vulnerability trends and severity distribution across a product
  • Filter vulnerabilities by application
  • Export an application-level SBOM
  • Give teams a stable reporting boundary that is separate from VCS organization structure

Application list

The Applications list shows each application with its linked repository count, active vulnerability counts, open technical impacts, and created date when the column is enabled. Use the list to find applications by:
  • Whether they have active vulnerabilities
  • Repository count
  • Creation date
Select one or more rows to export application data. Owners can also delete selected applications from the bulk action menu.

Create an application

Choose New Application from the Applications list. Add a name, optional description, and the repository assets that belong to the application. The asset picker shows repositories by organization and repository name when the organization is available. You can create an application without selecting assets and add repositories later from the application detail page.

Application detail view

Open an application to review its tabs:
TabUse it to
OverviewReview linked asset count, description, vulnerability trend, severity distribution, vulnerability breakdown by asset, frequent violations, security champions, and technical impacts.
AssetsReview the repositories linked to the application, their active vulnerability counts, and last scan time.
SettingsUpdate the application name and description, or delete the application.
The Overview tab links to the filtered vulnerability list so you can move from an application summary into the underlying findings.

Linked assets

The Assets tab lists the repositories in the application. Use Add assets to link more repositories. Removing an asset from an application removes the application association only. It does not delete the repository, scans, vulnerabilities, manifests, packages, or package versions.

SBOM export

Use Download SBOM on the application detail page to export a CycloneDX SBOM for the repositories linked to the application. Available formats:
  • CycloneDX JSON
  • CycloneDX XML
Small SBOM exports download immediately. Larger exports are queued, and Cysmiq notifies you when the file is ready.