
Overview

Assets are the objects Cysmiq tracks and reports on. Repositories are scanned directly, organizations are synced from your VCS integrations, and manifests and packages are derived from repository scans. Because assets are populated automatically from these integrations and scans, you cannot add them manually.

Asset types

  • Organizations: GitHub organizations or GitLab groups synced from your VCS
  • Repositories: Code repositories within organizations
  • Manifests: Dependency files within repositories (package.json, requirements.txt, go.mod, etc.)
  • Packages: Dependencies declared in manifests
  • Package versions: Specific versions of packages in use

How assets relate

Assets follow how your code and dependencies are structured:

Organization
  └── Repository
        └── Manifest
              └── Package (with version)

Packages can appear in multiple manifests. Dependency findings include the related manifest and package in their details, while code findings point to the repository and file.

Grouping assets

Repositories can be grouped into Applications for reporting and filtering across related codebases (for example, grouping frontend, backend, and mobile repositories into a single product).

SBOMs

Software Bills of Materials are generated from manifest data collected during scans.