The Surface section gives information about the Target of Evaluation (ToE). This ToE is the result of repositories, environments, ports and languages specified in the scope roots section.
There are five sections in Surface: Lines, which refers to the Git Roots repositories; Inputs, which represents the environments to test, such as URLs/IPs; Ports, which shows the ports of your IP address; Languages, which lists the different languages used in your code; and Packages, which shows the third-party components present in your software and offers the option to generate an SBOM.
The Lines section shows the internal content of the repositories registered in Git Roots, displaying their roots and the filenames that compose them. This is the ToE that the hackers will validate.
This section shows a table providing the following information:
We have several filters in the Lines section, helping us find information quickly and safely. By clicking on the Filters button, you can access them.
The Inputs section shows the environments to test specified in the Scope section under Environment URLs/IP, giving us the entry points that the hackers will validate.
This section shows a table providing the following information:
We have several filter options in the Inputs section. By clicking on the Filters button, you will have access to those options and can filter the information of interest to you.
You can find Ports in the third tab in the Surface section. There you see the ports of your IP address, so this section will have content if your group's service is black.
This section shows these items, providing the following information:
You have six filters in the Ports section, which help you search for information quickly and safely. You can access these by clicking on the filter icon at the top right next to the search bar.
Here you can see the languages used in your repositories.
This section shows a table providing the following information:
The Packages table consists of a total of 7 columns. Details about each field are provided below:
The filters will help us to refine the data visualization according to specific criteria. There are five filters in total.
Another way to filter the information is through Columns; this function will allow you to customize and display information by selecting specific columns you want to see in the table.
You can export the inventory in two different formats: CycloneDX and SPDX. These formats follow a standard to show dependencies, vulnerabilities and license information in an organized way.
Follow these steps to download your SBOM:
Note: The email with the file may take up to 5 minutes to arrive in your inbox. Keep in mind that the information may vary depending on the standard, since the inventory follows the specifications of each standard. It includes the package inventory, versions, location, license and dependency tree, which shows the primary and transitive dependencies.
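Once the export arrives, the dependency tree it carries can be used to separate primary from transitive packages and to spot components with no declared license. The following Python is an added example, not part of the platform or its documentation; it assumes the CycloneDX export is in JSON form with the standard `metadata.component`, `components` and `dependencies` fields, and the sample BOM and its package names are constructed.

```python
import json
from collections import deque

# Constructed sample in CycloneDX JSON layout; not data from a real export.
SAMPLE = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "metadata": {"component": {"bom-ref": "app", "name": "demo-app"}},
 "components": [
  {"bom-ref": "pkg:npm/example-web@1.0.0", "name": "example-web",
   "version": "1.0.0", "licenses": [{"license": {"id": "MIT"}}]},
  {"bom-ref": "pkg:npm/example-parser@2.3.1", "name": "example-parser",
   "version": "2.3.1", "licenses": [{"license": {"name": "Custom EULA"}}]},
  {"bom-ref": "pkg:npm/example-util@0.4.0", "name": "example-util",
   "version": "0.4.0"},
  {"bom-ref": "pkg:npm/example-orphan@9.9.9", "name": "example-orphan",
   "version": "9.9.9", "licenses": [{"expression": "MIT OR Apache-2.0"}]}],
 "dependencies": [
  {"ref": "app", "dependsOn": ["pkg:npm/example-web@1.0.0"]},
  {"ref": "pkg:npm/example-web@1.0.0", "dependsOn": ["pkg:npm/example-parser@2.3.1"]},
  {"ref": "pkg:npm/example-parser@2.3.1", "dependsOn": ["pkg:npm/example-util@0.4.0"]},
  {"ref": "pkg:npm/example-util@0.4.0", "dependsOn": ["pkg:npm/example-web@1.0.0"]}]}
""")

def license_of(component):
    """Return declared license ids, names or expressions, or 'UNKNOWN'."""
    found = []
    for entry in component.get("licenses", []):
        lic = entry.get("license", {})
        found.append(lic.get("id") or lic.get("name") or entry.get("expression"))
    return ", ".join(f for f in found if f) or "UNKNOWN"

def classify(bom):
    """Map bom-ref -> (name, version, license, primary|transitive|unreferenced)."""
    root = bom["metadata"]["component"]["bom-ref"]
    graph = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    primary = set(graph.get(root, []))
    reachable, queue = set(), deque(primary)
    while queue:  # breadth-first walk; the visited set guards against cycles
        ref = queue.popleft()
        if ref not in reachable:
            reachable.add(ref)
            queue.extend(graph.get(ref, []))
    rows = {}
    for c in bom.get("components", []):
        ref = c.get("bom-ref")
        kind = ("primary" if ref in primary
                else "transitive" if ref in reachable else "unreferenced")
        rows[ref] = (c["name"], c.get("version", ""), license_of(c), kind)
    return rows
```

Components reported as `unreferenced` appear in the inventory but not in the dependency tree, which is worth checking against the package's recorded location.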
You can apply a quick search for specific information within the table according to the fields it has.
In the Lines, Inputs and Ports sections, the following functions are available:
You can download the information by clicking on the Export button, which will download a file with a CSV (comma-separated values) extension. It contains the data that composes the tables of these three Surface sections.
You can show or hide columns in the table by clicking on the Columns button and toggling the on/off button in front of each column name.