Skip to main content

Overview

Use Repositories to review the primary scanned assets in Cysmiq. Repository views connect VCS metadata, scan activity, vulnerabilities, branch and tag refs, manifests, packages, and repository-level settings. Repositories are synced from your VCS integrations. Scans run against repository assets.

When to use repositories

  • Find scan status and the most recent scan for a repository
  • Review active vulnerabilities for a repository
  • Compare default branch scope with all branch scope
  • Inspect branch and tag refs
  • Export a repository SBOM
  • Configure repository-level scanning and ownership settings

Repository list

The Repositories list shows repository name, organization, type, scan status, active vulnerability counts, open technical impacts, last scan, and row actions. Use the list to filter by:
  • Repository name
  • Scan status
  • Repository type, including private, public, monorepo, and orphaned repositories
  • Organization
  • Package, package version, manifest, or usage drilldowns opened from package and manifest views
Select one or more rows to export repositories. If available to your role, bulk actions can enable or disable selected repositories.

Repository detail view

Open a repository to review its tabs:
TabUse it to
OverviewReview repository identity, type, VCS location, default branch, created date, last scan, vulnerability scope, vulnerability trend, severity distribution, open vulnerabilities, recent scans, frequent violations, security champions, and technical impacts.
BranchesReview branch refs, severity counts, inferred active vulnerability counts, and last scan time for each branch.
TagsReview VCS tag refs, severity counts, inferred active vulnerability counts, and last scan time for each tag.
EnvironmentsReview repository environments when environments are enabled for the workspace.
SettingsEnable or disable the repository and configure repository-level defaults.
The Tags tab refers to VCS tags such as Git tags. It is separate from product metadata tags. Branch and tag vulnerability counts show active vulnerabilities by severity. When Cysmiq carries forward an active location from an earlier scan, the ref table can also show a separate inferred count.

Vulnerability scope

The repository overview includes a Vulnerability scope selector.
ScopeMeaning
Default branchesShows vulnerability data for refs included by the repository’s effective default branch filter.
All branchesShows vulnerability data across all refs for the repository.
Use Default branches for normal security posture review. Use All branches when you need to investigate findings across every scanned ref.

Repository settings

The Settings tab can include:
  • Enable: controls whether Cysmiq scans the repository
  • Default Assignee: assigns a default user for new findings
  • Default branch filtering
  • VCS status behavior
  • Ticketing behavior
When a repository is disabled, the repository header shows that data is not up to date and points users to the Settings tab to re-enable scanning.

SBOM export

Use Download SBOM on the repository detail page to export a CycloneDX SBOM for the repository. Available formats:
  • CycloneDX JSON
  • CycloneDX XML
Small SBOM exports download immediately. Larger exports are queued, and Cysmiq notifies you when the file is ready.