Cross-Repository Analytics
Get an organization-wide view of dependency vulnerabilities across all repositories. The cross-repo dashboard aggregates SCA data to surface systemic risks and help prioritize remediation at scale.
Organization Overview
Navigate to SCA > Cross-Repo to see a summary of your organization’s SCA posture:
- Total vulnerabilities across all repositories.
- Severity breakdown showing critical, high, medium, and low counts.
- Trend line tracking total open vulnerabilities over the past 30 days.
- Repositories scanned versus total repositories connected.
Risk Distribution
A color-coded stacked bar visualizes risk distribution across repositories:
| Color | Severity |
|---|---|
| Red | Critical |
| Orange | High |
| Yellow | Medium |
| Blue | Low |
Each segment is proportional to the number of findings at that severity level. Click a segment to jump to that repository’s filtered finding list.
Shared CVEs
The Shared CVEs tab lists vulnerabilities found in more than one repository. This helps identify systemic exposure where a single CVE affects multiple services.
Each row shows:
- CVE ID and description
- Severity level
- Number of affected repositories
- List of affected repository names
- Whether a fix version is available
Remediating shared CVEs has the highest organizational impact since a single fix addresses risk across multiple codebases.
Per-Repository Risk Scores
Each repository receives a computed risk score based on its SCA findings:
| Score Range | Label |
|---|---|
| 0-20 | Low |
| 21-50 | Medium |
| 51-80 | High |
| 81-100 | Critical |
The score accounts for the number and severity of open vulnerabilities, the age of unresolved findings, and whether exploits are known (via KEV catalog data).
Filtering and Sorting
Use the toolbar to narrow the repository list:
- Search — filter by repository name.
- Sort by — risk score, vulnerability count, last scan date, or repository name.
- Severity filter — show only repos with findings at a selected severity or above.
- Scan status — filter by repositories with recent scans, stale scans, or never scanned.
Exporting
Click Export CSV to download the cross-repo summary as a spreadsheet. The export includes repository name, risk score, and vulnerability counts broken down by severity. Use this for executive reporting or compliance evidence.