See your assets' statuses and SBOM | Fluid Attacks

See your assets' statuses and SBOM

The Surface section gives information about the Target of Evaluation (ToE). The ToE is built from the repositories, environments, ports and languages registered as roots in the Scope section.

Surface has five sections: Lines, which refers to the repositories registered in Git Roots; Inputs, which represents the environments to test, such as URLs/IPs; Ports, which lists the ports of your IP addresses; Languages, which lists the programming languages used in your code; and Packages, which shows the third-party components present in your software and offers the option to generate an SBOM.

Surface Tab

Lines

It shows the internal content of the repositories registered in Git Roots: each root and the files that compose it. These files are the ToE that the hackers will validate.

Surface Lines

This section shows a table providing the following information:

  • Root: Name of the root or repository that was specified in Git Roots.
  • Filename: Path of the file within the root.
  • LOC (Lines of Code): Total number of lines of code in the file.
  • Status: Whether the file is Vulnerable or Safe.
  • Modified date: The last time the file was modified.
  • Last commit: The last commit that modified the file.
  • Last author: The author of that last commit.
  • Seen at: The date the file was added.
  • Sorts Priority Factor: A score, computed by AI (Artificial Intelligence), estimating how likely the file is to contain a vulnerability.
  • Be present: Whether the file is still present in the repository.

Filters in Lines section

The Lines section has several filters that help you find information quickly. Click the Filters button to access them.

Lines Filters

Inputs

It shows the environments to test that were specified under Environment URLs/IPs in the Scope section, that is, the entry points that the hackers will validate.

Surface Inputs

This section shows a table providing the following information:

  • Root: Name of the root or repository the environment was registered under in Environment URLs.
  • Component: The URL/IP of this environment.
  • Entry point: The specific input within the component that the hacker will test.
  • Status: Whether the component is Vulnerable or Safe.
  • Seen at: The date the component was added.
  • Be present: Whether the component is still present in the root.

Filters in Inputs section

The Inputs section has several filter options. Click the Filters button to access them and narrow the table down to the information of interest.

Inputs Filters

Ports

Ports is the third tab in the Surface section. It lists the ports found on the IP addresses registered as IP roots, so this section only has content when your group's service type is Black.

Ports view

This section shows a table providing the following information:

  • Root: The nickname of the IP root.
  • Address: The IP address.
  • Port: The number of the port that was validated.
  • Status: Whether the port is Safe or Vulnerable.
  • Seen at: The date the port was added.
  • Be present: Whether the IP address is still present.

Filters in Ports section

The Ports section has six filters that help you search for information quickly. You can access them by clicking the filter icon at the top right, next to the search bar.

ports filters

Languages

Here you can see the languages used in your repositories.

Surface Languages

This section shows a table providing the following information:

  • Language: The programming language detected in your repositories.
  • Lines of Code: Total lines of code detected for this language.
  • Percentage: The share of the total lines of code written in this language.

Generate SBOM in the Packages tab

Role required: User, Vulnerability Manager or User Manager
This section provides detailed information on which dependencies or third-party packages used in your projects are vulnerable and which are not, giving a per-library view of the code you depend on. You can download a software bill of materials (SBOM) by clicking the Export button.

packages section

Packages table

The Packages table consists of a total of 7 columns. Details about each field are provided below:

packages table

  • Root: Name of the root or repository specified in Git Roots.
  • Name: Name of the dependency.
  • Version: Current version of the dependency.
  • Status: Dependency status, indicating whether it is Safe or Vulnerable.
  • Manager: Name of the package manager.
  • Path: Location of the manifest or lock file in which the dependency is declared.
  • Package URL: Direct link to the page containing detailed information about the package and its version.

Filters in Packages section

The filters help you refine the table according to specific criteria. There are five filters in total.

Filters package

Columns in Packages section

Another way to narrow down the information is through Columns: this function lets you customize the table by selecting which columns you want to see.

Columns package

Export SBOM

You can export the inventory in two different formats: CycloneDX and SPDX. Both are standard SBOM formats that describe dependencies, vulnerabilities and license information in an organized, machine-readable way.

Follow these steps to download your SBOM:

  1. Click on the Export SBOM button.

    sbom button

  2. Select the format in which you want to download the inventory of software dependencies: CycloneDX or SPDX.

    sbom format

  3. Select the file type: JSON or XML.

    file format

  4. Once you have selected the format, select the branches for which to generate the SBOM. Note that the window only shows the active roots. You will receive a separate email for each chosen branch.

sbom notification


Note: The email with the file may take up to 5 minutes to arrive in your inbox. Keep in mind that the content of the file varies with the chosen standard, since each standard specifies its own layout for the inventory. In both cases it includes the package inventory, versions, location, licenses and the dependency tree, which shows primary (direct) and transitive dependencies.
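The two standards lay out the same facts (packages, versions, licenses, dependency tree) in different shapes, so a consumer usually normalizes them before doing anything else. The following is an added example, not Fluid Attacks' code or a real export from the platform: it loads either a CycloneDX JSON or an SPDX JSON document, extracts name, version, Package URL (purl) and licenses for every dependency, and walks the dependency tree from the root component to label each package as direct or transitive. The two embedded SBOM documents are constructed samples with made-up package names and versions, written in the shape each standard specifies.

```python
"""Normalize a CycloneDX or SPDX JSON SBOM into one inventory and split
direct from transitive dependencies.

Added example; not Fluid Attacks' code. The two documents below are
constructed, minimal samples (package names and versions are made up)."""
import json

# Constructed CycloneDX 1.4 JSON sample (not a real export).
CYCLONEDX_SAMPLE = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"bom-ref": "app", "type": "application",
                               "name": "demo-app", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "pkg:npm/express@4.18.2", "type": "library", "name": "express",
         "version": "4.18.2", "purl": "pkg:npm/express@4.18.2",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"bom-ref": "pkg:npm/qs@6.11.0", "type": "library", "name": "qs",
         "version": "6.11.0", "purl": "pkg:npm/qs@6.11.0",
         "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:npm/express@4.18.2"]},
        {"ref": "pkg:npm/express@4.18.2", "dependsOn": ["pkg:npm/qs@6.11.0"]},
    ],
})

# Constructed SPDX 2.3 JSON sample describing the same inventory.
SPDX_SAMPLE = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "demo-app",
    "packages": [
        {"SPDXID": "SPDXRef-app", "name": "demo-app", "versionInfo": "1.0.0",
         "licenseConcluded": "NOASSERTION"},
        {"SPDXID": "SPDXRef-express", "name": "express", "versionInfo": "4.18.2",
         "licenseConcluded": "MIT",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:npm/express@4.18.2"}]},
        {"SPDXID": "SPDXRef-qs", "name": "qs", "versionInfo": "6.11.0",
         "licenseConcluded": "BSD-3-Clause",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:npm/qs@6.11.0"}]},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-app"},
        {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-express"},
        {"spdxElementId": "SPDXRef-express", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-qs"},
    ],
})


def _load_cyclonedx(doc):
    """CycloneDX: components keyed by bom-ref, edges from the dependencies array."""
    root = doc["metadata"]["component"]["bom-ref"]
    packages = {}
    for c in doc.get("components", []):
        licenses = [l["license"].get("id") or l["license"].get("name")
                    for l in c.get("licenses", []) if "license" in l]
        packages[c["bom-ref"]] = {"name": c["name"], "version": c.get("version"),
                                  "purl": c.get("purl"), "licenses": licenses}
    edges = {d["ref"]: list(d.get("dependsOn", [])) for d in doc.get("dependencies", [])}
    return root, packages, edges


def _load_spdx(doc):
    """SPDX: packages keyed by SPDXID; the root is whatever the document DESCRIBES,
    and DEPENDS_ON relationships form the edges. The purl lives in externalRefs."""
    packages, edges, root = {}, {}, None
    for p in doc.get("packages", []):
        purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), None)
        lic = p.get("licenseConcluded")
        packages[p["SPDXID"]] = {"name": p["name"], "version": p.get("versionInfo"), "purl": purl,
                                 "licenses": [] if lic in (None, "NOASSERTION", "NONE") else [lic]}
    for r in doc.get("relationships", []):
        if r["relationshipType"] == "DESCRIBES" and r["spdxElementId"] == doc["SPDXID"]:
            root = r["relatedSpdxElement"]
        elif r["relationshipType"] == "DEPENDS_ON":
            edges.setdefault(r["spdxElementId"], []).append(r["relatedSpdxElement"])
    return root, packages, edges


def load_sbom(text):
    """Detect the standard from the document itself and normalize it."""
    doc = json.loads(text)
    if doc.get("bomFormat") == "CycloneDX":
        return _load_cyclonedx(doc)
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return _load_spdx(doc)
    raise ValueError("unrecognised SBOM format")


def classify(text):
    """Return {ref: 'direct' | 'transitive'} for every package reachable from the root."""
    root, _packages, edges = load_sbom(text)
    direct = set(edges.get(root, []))
    result, seen, stack = {}, set(), list(direct)
    while stack:  # depth-first walk; 'seen' guards against cycles in the graph
        ref = stack.pop()
        if ref in seen or ref == root:
            continue
        seen.add(ref)
        result[ref] = "direct" if ref in direct else "transitive"
        stack.extend(edges.get(ref, []))
    return result


def inventory(text):
    """Name, version, purl, licenses and depth class for each dependency, sorted by name."""
    _root, packages, _edges = load_sbom(text)
    depth = classify(text)
    return sorted(({**packages[ref], "ref": ref, "kind": kind}
                   for ref, kind in depth.items() if ref in packages),
                  key=lambda p: p["name"])


if __name__ == "__main__":
    for sample in (CYCLONEDX_SAMPLE, SPDX_SAMPLE):
        for p in inventory(sample):
            print(f"{p['kind']:<10} {p['name']}@{p['version']}  {p['purl']}  {','.join(p['licenses'])}")
```

Both samples normalize to the same two rows (express as a direct dependency under MIT, qs as a transitive one under BSD-3-Clause), which is the point: once an export from either standard has been reduced to this shape, the same license or vulnerability policy can be applied regardless of which format was requested. A real export will carry many more components; the walk from the root is what separates packages you chose from packages that arrived through something you chose.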

You can apply a quick search for specific information within the table according to the fields it has.

General functions of Surface

In the Lines, Inputs and Ports sections, the following functions are available:

Export button

You can download the information by clicking on the Export button, which downloads a file with the CSV (comma-separated values) extension containing the data shown in the table of the corresponding section.

Columns filter

You can show or hide columns in the table by clicking on the Columns button and toggling the on/off button in front of each column name.