Project Detail
Opening a project from the Projects page lands you on its detail view at /projects/:id. The header shows the project name, its Git provider, and a branch selector; the body is organized into tabs.
Overview
Section titled “Overview”A security summary for this one project: its severity mix, a trend of findings over time, the most-triggered rules, recent scans, and — when AI consultation has run — the latest Security Brief.
The scan history for this project: every run with its branch, trigger, engine results, and finding counts. Opening a row goes to Scan Detail. The org-wide equivalent is the Scans page.
Findings
Section titled “Findings”The Findings list, pre-scoped to this project. All the usual filters, sorting, bulk triage, and exports apply.
Dependencies
Section titled “Dependencies”The packages this project depends on, grouped by manifest file, with per-package vulnerability counts. The org-wide view is the Dependency Inventory. You can export this project’s SBOM (CycloneDX or SPDX) from here — see Exports.
Security Brief
Section titled “Security Brief”The project-scoped AI Consultation — an AI-generated risk summary with prioritized remediation steps, plus a chat thread for follow-up questions. Regenerate it after a significant scan.
AI Memory
Section titled “AI Memory”Project-scoped entries of Organizational Memory — directives that steer AI verification for this project only (for example, “this repo’s legacy/ folder is sandboxed”). Org-wide memory is managed in Settings → AI Knowledge.
Settings
Section titled “Settings”Per-project configuration. Project settings override org-wide defaults.
| Setting | Effect |
|---|---|
| Name | The display name of the project. |
| Default branch | The reference branch for auto-fix reconciliation and the dashboard’s “default branch” filter. |
| Scan triggers | Whether managed scans run on push, on pull request, and which branches. |
| Minimum rule severity | Excludes lower-severity rules from this project’s scans. |
| Fail-on severity | The severity at which the CLI exits non-zero in CI/CD — see Severity Gates. |
| AI verification | Override org auto-verify behavior for this project. |
| Dashboard monitoring | Mute this project out of the org dashboard rollup — permanently or on a 7 / 30 / 90-day snooze, with an optional reason. Unmute at any time. |
Muting a noisy project
Section titled “Muting a noisy project”A project that floods the dashboard with low-priority findings can be muted from the Dashboard monitoring card. Muting only hides the project from the org-wide dashboard rollup — it never deletes or alters findings, scans keep running, and everything stays reachable here on the project. The dashboard always shows that muted projects exist and offers a one-click “view all”.