
View projects

There are multiple ways to view information about projects and repositories connected to Contrast from GitHub, Bitbucket or GitLab.

Note

  • Depending on your permissions in the organization, you may or may not be able to perform actions on this page. To delete a repository, you need admin permissions.

  • Connections to Bitbucket and GitLab are available by request only. Contact Support to enable the connections.

  • Select Projects in the header.

  • Select a project name from the list and, if applicable, expand the row to view more information about the connected projects. Each row contains the latest activity and the total number of vulnerable libraries along with the total number of critically vulnerable libraries.

  • The projects view shows:

    • Name: This is the name of the project containing either the manifest stored locally for the CLI or the GitHub, Bitbucket, or GitLab account and repository name. The type of project is identified by the analysis performed.

      • Projects analyzed by Contrast CLI are identified with this icon: [CLIanalysis.png]

      • Projects analyzed by the Contrast Security GitHub App, Bitbucket, or GitLab are identified with this icon: [GBGanalysis.png]

    • Last activity date: The latest activity (the reason for the trigger) and a timestamp of the latest activity.

    • Connections: Connect Contrast to your GitHub, Bitbucket, or GitLab account to see results.

    • Vulnerable libraries: This shows the number of libraries in the project with an identified vulnerability (CVE). The number of libraries with at least one critical severity CVE is coded red. If applicable, expand a row to view the connected projects. Hover over the thermometer section to see the number of CVEs by severity. Click the thermometer to open the details panel. If vulnerabilities exist, they display in a list and are color-coded by severity.

      • If the message "Analysis not complete. Try again or contact Support." appears, the analysis is still in progress or it has failed. Try connecting the repository again. If that fails, contact Support for help.

      • If the message "None identified" appears, no vulnerable libraries have been found.

    • Actions: This is where you can view the repository, disconnect the repository connections, or export the CLI project data to a CSV file.

  • Use the sort by dropdown at the top-right to sort the list by the last activity date or the repository name.