Code

Once you connect your Source Code Management (SCM) provider, analysis begins immediately. The Code and analysis is then displayed in two global views: Repositories and Dependencies.

Repositories are listed in a single table displaying languages, numbers of modules and API endpoints, dependency findings categorized as Critical/High/Medium/Low, last commit timestamp, and points of contact.

This information can be sorted and filtered by source, organization, language, annotations/findings, recent commits, severity of dependency findings, and even specific vulnerabilities. For example, you can perform searches on repositories for:

• Public versus Private

• API endpoints

• Service association

• Unpinned dependencies

• Spring Actuator APIs, CVE-2023-34034, etc.

Information available when viewing individual repositories is documented here.

Dependencies are listed in a single table displaying number of modules and versions and information about license, package ecosystem, hygiene score, and classification, which includes first/third party, direct/transitive, open source/vendor, reachability, unmaintained, unpinned, unapproved license, etc. The number of versions is linked to a modal that displays each version and its Module location.

This information can be sorted and filtered by license, package ecosystem, and different classifications. For example, you can perform global searches on dependencies for:

• Direct vs. Transitive usage

• Reachability

• Maintenance status (e.g. unmaintained)

• Version hygiene (e.g. unpinned)

• License approval status

This view makes it easy to identify systemic risk, reduce dependency sprawl, and enforce consistent dependency standards across teams.

Further, because this view is global, you can quickly generate an SBOM (CycloneDX format) for your entire environment.

Information available when viewing individual dependencies is documented here.