Skip to content

Project Detail

Opening a project from the Projects page lands you on its detail view at /projects/:id. The header shows the project name, its Git provider, and a branch selector; the body is organized into tabs.

A security summary for this one project: its severity mix, a trend of findings over time, the most-triggered rules, recent scans, and — when AI consultation has run — the latest Security Brief.

The scan history for this project: every run with its branch, trigger, engine results, and finding counts. Opening a row goes to Scan Detail. The org-wide equivalent is the Scans page.

The Findings list, pre-scoped to this project. All the usual filters, sorting, bulk triage, and exports apply.

The packages this project depends on, grouped by manifest file, with per-package vulnerability counts. The org-wide view is the Dependency Inventory. You can export this project’s SBOM (CycloneDX or SPDX) from here — see Exports.

The project-scoped AI Consultation — an AI-generated risk summary with prioritized remediation steps, plus a chat thread for follow-up questions. Regenerate it after a significant scan.

Project-scoped entries of Organizational Memory — directives that steer AI verification for this project only (for example, “this repo’s legacy/ folder is sandboxed”). Org-wide memory is managed in Settings → AI Knowledge.

Per-project configuration. Project settings override org-wide defaults.

SettingEffect
NameThe display name of the project.
Default branchThe reference branch for auto-fix reconciliation and the dashboard’s “default branch” filter.
Scan triggersWhether managed scans run on push, on pull request, and which branches.
Minimum rule severityExcludes lower-severity rules from this project’s scans.
Fail-on severityThe severity at which the CLI exits non-zero in CI/CD — see Severity Gates.
AI verificationOverride org auto-verify behavior for this project.
Dashboard monitoringMute this project out of the org dashboard rollup — permanently or on a 7 / 30 / 90-day snooze, with an optional reason. Unmute at any time.

A project that floods the dashboard with low-priority findings can be muted from the Dashboard monitoring card. Muting only hides the project from the org-wide dashboard rollup — it never deletes or alters findings, scans keep running, and everything stays reachable here on the project. The dashboard always shows that muted projects exist and offers a one-click “view all”.