Table of Contents
Repositories
Repositories
provides you with a comprehensive view and analysis of your engineering technical stack from repository to deployment, all within a repository-based view. This allows you to identify code repositories and their associated infrastructure, including programming languages, frameworks, CI files and so on. In addition it allows you to understand your paths to production by identifying the repositories connected to CI/CD pipelines.
Repositories maps your organization’s security posture, allowing you to understand the high and critical risks in your repositories. This enables you to prioritize and address the most critical security issues first, reducing the risk of security breaches.The repositories displayed in the inventory are limited to those selected during VCS onboarding. To ensure complete visibility, it is recommended to select all repositories during VCS onboarding. Users will only see repositories to which they have been granted access, based on their designated roles and permissions.
To access Repositories, select
Application Security
> Repositories
. The Overview
tab opens by default, displaying an inventory of your engineering technical stack, organized by repository.
The inventory includes the following details.
- Version control system(VCS) platform: Represents the VCS hosting the repository.
- Repository Name: A list of all repositories detected from all the VCS integrations. Includes a link to the repository
- Visibility: Whether the repository is private or public
- Archived: Whether the repository is archived
- Contributors: A list of contributors to the repository. Clicking on a number displayed in the column opens a pop-up with more details about the contributors. Additional information about the contributors can also be found by selecting a repository which opens the resource explorer, as described below
- Technologies: Displays the most frequently used languages and frameworks detected in the repository. Hover over a technology to its frequency of usage in the pipeline. Selecting the number displayed in the column displays a popup, with information about additional technologies detected in the repository.
- Pipelines: The CI/CD pipeline systems such as Jenkins and GitHub Actions that are connected to the repository. Clicking on the number next to a pipeline opens a pop-up displaying details about the pipelines. Note that you must integrate your CI systems in order to view connected pipelines
- High & Critical Issues: The number of high and critical IaC, Secrets, SCA and CI/CD issues detected in the master branch of a repository. Clicking on the link redirects to the relevant issue page. IaC, Secrets and SCA issues redirect to the Projects page, while CI/CD issues redirect to CI/CD Risks, where the issues are displayed filtered by repository and high-critical severity
- Actions: Selecting the menu under the Actions column displays the following options:
- Application Graph: A graphical representation of the repository’s path to production.
- Last Pull Request Scan: A link to details of the last repository PR scan
- SBOM: A link to the repository SBOM.
Selecting a repository in the inventory table opens the resource explorer displaying additional information about the selected entity.
The
Overview
tab opens opens as the default view, displaying metadata about the repository, including code owners (with a link to details about the code owners) and dependencies (with a link to the SBOM page, filtered by the repository), deployment, including CI files, pipelines and Docker images, and programming languages and frameworks.
- TheContributorstab includes details about the contributors, their permissions and when they last committed code to the repository
Filters
Repositories features default filters for quick data analysis. Additionally, you can add or remove extra filters to further refine your results by selecting the filter.
Available filters include:
- Repository: Filter by repository (Displayed by default)
- Archived: Filter by archived/un-archived repositories (Displayed by default).
- Technologies: Filter by programming languages and frameworks detected in the infrastructure, listed by category to find technologies such as Python, GitHub Actions, Terraform and more. Values: 'Programming', 'Package Manager', 'Data Files', 'Devops' (Displayed by default)
- Issues: Filter by type of issue detected in the environment. Values: 'IaC', 'Images', 'Secrets', 'SCA', 'CI/CD' (Displayed by default)
- Organization: Filter by organization of a version controlled system
- Visibility: Filter by type of repository. Values: 'Private', 'Public'. Displayed after the repository name
- Pipelines: Filter by pipelines detected in the infrastructure
Nodes
View node details
To view a node’s details, click on a node on the graph or right-click on a node >
Info
.
The Details panel opens, displaying the node’s details as well as entities grouped under the node. In addition, the node’s edges and connections to other nodes are displayed on the graph.Node Entities
Nodes of the same type are grouped and displayed under a single group node. A number in the node indicates that the node is a group node, as well as the number of entities in the group. You can view all entities, entity details, and extract an entity from the group and display it independently on the graph.
Action | Steps |
|---|---|
View all entities of a group node | * Open the group node Details panel:Click on the group node > Select a node under the Expanded nodes field . The node is regrouped under the group node and is displayed under the Collapsed node field OR:* Right-click on an extracted node on the graph > Collapse . The entity is regrouped in the group node. |
Extract an entity from the group node | * Click on an entity in the Details panel.
The selected entity moves to the Expanded nodes field OR:
* Right-click on a group node > select Expand - see aboveNOTE: When clicking on an entity in the Details panel, the entity is extracted from the node group and presented on the graph as an individual node. |
View an extracted entity’s details | * Click on the entity in the Details panel OR:
* Right-click on a group node on the graph > Expand > right-click on the extracted node > Info |
Regroup extracted nodes | * Open the group node Details panel: Click on the group node > Select a node under the Expanded nodes field. The node is regrouped under the group node and is displayed under the Collapsed node field OR:
* Right-click on an extracted node on the graph > Collapse . The entity is regrouped in the group node. |
Regroup all extracted nodes | Right-click on an extracted node on the graph > Collapse All . All extracted nodes are regrouped in the group node. |
Edges
Edges are the connections that display the relationships between nodes. The path arrow indicates the direction between the source and target node.
Actions on Edges
- To view the relationship between a node and edge, click on a node. The node’s connections to other nodes are displayed. Details of the relationship including the type direction of the relation are presented
- To view details of a connection: Click on a connection. The connectionDetailspanel opens, displaying the source and target nodes connected by the connection, as well as the type of connection.
Graph Filters
Graph filters include
Categories
and Predefined Queries
.Filter by Category
Categories include all node types detected by Prisma Cloud in the engineering environment. When selecting a category from the list, nodes representing the assets of the category are displayed on the graph.
Filter by Predefined Queries
Predefined Queries are queries defined by the system that allow you to quickly retrieve search results. When selecting a predefined query, the graph is filtered by the query and displays the results.
Query Builder
Query Builder
allows you to create custom queries tailored to your requirements in order to return required data:- In the Application Graph, selectQuery Builder.
- Select an entity from the Entity menu.The entity is displayed in the Query Builder panel.The list of available entities corresponds to all available node types even when they are not detected in the organization.
- Add an entity to the query.
- Click the+button underneath the selected entity. A list of entities connected to the selected entity is displayed.
- Optional, add an attribute to an entity.
- Click thefiltericon in the entity field.The attribute settings opens.
- Select a value from each of the setting field menus:Key,Operator.
- Set a value in theValuefield.
- To add additional attributes: clickAdd Filters +and repeat steps 4a-c above.
- To add additional entities to a query: select the '+' icon under an entity > repeat steps 3, 4 above.
- Click theApplybutton in the top right of the page.The query results are displayed on the graph. TheActive Queryfield in the top left of the screen indicates that a query is applied to the graph view.
Managing Deletions
- Delete an entity from a query: Select the delete icon underneath an entity to delete the entity from the query.
Deleting an entity deletes all subsequent connected entities in the query chain.
- Delete attributes: Select the delete '-' icon next to an attribute field of an entity to delete the attribute
- Delete queries: Click the 'x' icon in the 'Active Query' field in the top left of the screen > selectClearwhen the confirmation popup is displayed.
Last Pull Request Scan
View the last PR scan of the repository in order to understand the vulnerabilities detected in the repository, and to apply fixes: Select Last PR Scan under the Actions column in the inventory table. You are redirected to Projects, displaying repositories filtered by VCS Pull Request, and sorted by last scan.
SBOM
View the repository’s SBOM to understand its inventory of software including libraries, versions of third party components and open source packages, as well as to view all detected vulnerabilities: Select
SBOM
under the Actions
column in the inventory table. You are redirected to the SBOM page, filtered by the selected repository.