After you integrate a source code management tool or a CI build system with Aqua, you can add code repositories hosted on them. When the code repositories are added, Aqua will scan all the code repositories and detect the security issues in them: vulnerabilities, sensitive data, security issues detected by SAST (Static Application Security Testing) checks, and IaC misconfigurations. After you integrate with a CI build system with Aqua, all the pipelines in the build system are discovered and misconfigurations in the pipelines are detected.

Navigate to the Risks page to see the security issues detected in all the code repositories and pipelines integrated with Aqua. Each code repository scan detailed view shows the same security issues detected in the code repository and misconfigurations detected in the pipelines associated with the code repository.

Risks list view

The Risks page has the following tabs to display the information of the respective security issues:

  • Vulnerabilities
  • Sensitive Data
  • SAST
  • IaC Misconfigurations
  • Pipeline Misconfigurations

For detailed information on the information displayed in each tab, refer to Code Repository Scan Detailed View.