> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cysmiq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Repositories

> Use repository views to review scan status, refs, findings, SBOM exports, and repository-level settings.

## Overview

Use **Repositories** to review the primary scanned assets in Cysmiq. Repository views connect VCS metadata, scan activity, vulnerabilities, branch and tag refs, manifests, packages, and repository-level settings.

Repositories are synced from your VCS integrations. Scans run against repository assets.

## When to use repositories

* Find scan status and the most recent scan for a repository
* Review active vulnerabilities for a repository
* Compare default branch scope with all branch scope
* Inspect branch and tag refs
* Export a repository SBOM
* Configure repository-level scanning and ownership settings

## Repository list

The **Repositories** list shows repository name, organization, type, scan status, active vulnerability counts, open technical impacts, last scan, and row actions.

Use the list to filter by:

* Repository name
* Scan status
* Repository type, including private, public, monorepo, and orphaned repositories
* Organization
* Package, package version, manifest, or usage drilldowns opened from package and manifest views

Select one or more rows to export repositories. If available to your role, bulk actions can enable or disable selected repositories.

## Repository detail view

Open a repository to review its tabs:

| Tab              | Use it to                                                                                                                                                                                                                                                     |
| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Overview**     | Review repository identity, type, VCS location, default branch, created date, last scan, vulnerability scope, vulnerability trend, severity distribution, open vulnerabilities, recent scans, frequent violations, security champions, and technical impacts. |
| **Branches**     | Review branch refs, severity counts, inferred active vulnerability counts, and last scan time for each branch.                                                                                                                                                |
| **Tags**         | Review VCS tag refs, severity counts, inferred active vulnerability counts, and last scan time for each tag.                                                                                                                                                  |
| **Environments** | Review repository environments when environments are enabled for the workspace.                                                                                                                                                                               |
| **Settings**     | Enable or disable the repository and configure repository-level defaults.                                                                                                                                                                                     |

The **Tags** tab refers to VCS tags such as Git tags. It is separate from product metadata tags.

Branch and tag vulnerability counts show active vulnerabilities by severity. When Cysmiq carries forward an active location from an earlier scan, the ref table can also show a separate inferred count.

## Vulnerability scope

The repository overview includes a **Vulnerability scope** selector.

| Scope                | Meaning                                                                                         |
| -------------------- | ----------------------------------------------------------------------------------------------- |
| **Default branches** | Shows vulnerability data for refs included by the repository's effective default branch filter. |
| **All branches**     | Shows vulnerability data across all refs for the repository.                                    |

Use **Default branches** for normal security posture review. Use **All branches** when you need to investigate findings across every scanned ref.

## Repository settings

The **Settings** tab can include:

* **Enable**: controls whether Cysmiq scans the repository
* **Default Assignee**: assigns a default user for new findings
* Default branch filtering
* [VCS status behavior](../scanning/vcs-status-updates)
* Ticketing behavior

When a repository is disabled, the repository header shows that data is not up to date and points users to the **Settings** tab to re-enable scanning.

## SBOM export

Use **Download SBOM** on the repository detail page to export a CycloneDX SBOM for the repository.

Available formats:

* CycloneDX JSON
* CycloneDX XML

Small SBOM exports download immediately. Larger exports are queued, and Cysmiq notifies you when the file is ready.

## Related docs

* [Organizations](./organizations)
* [Manifests](./manifests)
* [Packages](./packages)
* [Scans](../concepts/scans)
* [VCS status updates](../scanning/vcs-status-updates)
* [Default branch filters](../views-automation/default-branch-filters)
* [Vulnerability list view](../vulnerability-management/vulnerability-list-view)
* [SBOMs](../concepts/sboms)
