Projects overview

The Projects page in the Invicti Platform provides a centralized view of your connected application security projects. It supports integration with external systems such as MEND, enabling you to automatically synchronize project data and maintain an up-to-date security inventory.

This document describes how to access the Projects page, what information is available, and what actions you can perform.

Navigate to the Projects page

1. Select Inventory > Projects from the left-side menu.
2. This opens the Projects dashboard, where you can review existing projects and configure new ones for dynamic application security testing (DAST).

Projects columns

This page is connected to the MEND integration and syncs with your MEND projects to fetch relevant metadata and vulnerability information. Projects listed here are dynamically imported from MEND and used within Invicti for tracking and scanning application security risks.

The Projects page lists each asset with the following columns:

• Name - The name of the asset (project), typically synced from an external integration.
• Vulnerabilities - Displays detected vulnerabilities, sorted by severity (Critical, High, Medium, Low, Info).
• Last updated - Shows the date when the project was last scanned or updated. Projects marked as Not Scanned have not yet undergone DAST analysis.
• Languages - Programming languages detected for the project, pulled from the AST connection.
• Created - The date the project entry was created in the Invicti Platform.
• Collections - Lists the collections the project belongs to, for grouping and organization.
• Tags - User-defined tags to label and filter projects more easily.

Available actions

• The Bulk actions feature allows you to manage multiple assets at once by selecting them via checkboxes and performing actions such as:

• Sync vulnerabilities – Manually trigger synchronization of vulnerability data from the source (e.g., Mend).
• Export to file – Download selected project data in a file format (e.g., CSV or JSON).
• Generate report – Create a security report for the selected assets.
• Manage tags – Add or remove tags in bulk for easier organization and filtering.
• Delete – Permanently remove selected projects from the Invicti Platform.

• Manage AST connections: Configure or update integrations with source code repositories or CI/CD systems.
• Add a filter: Narrow down projects using filters such as Name, Vulnerabilities, Last Updated, Languages, or Tags.

Project drawer overview

Clicking on any project (asset) listed in Inventory > Projects opens the Project Drawer, which provides detailed information and management options for the selected asset.

The drawer is organized into three tabs:

1. Overview
   
2. Recent syncs
   
3. Activity

1. Overview tab

This tab presents a high-level summary of the selected project, including synchronization status, vulnerability data, metadata, and linkage to external platforms like Mend.

Key sections:

• Sync with Mend - Allows manual sync operations if integration is enabled.
• Risk level - Displays the overall severity of vulnerabilities detected (when synchronized). Trend indicators compare the current risk level to the previous scan.
• Details - The Details section includes key metadata about the project, such as its description, type, associated languages, applications, collections, tags, creator, timestamps, and its source integration (e.g., Mend).

2. Recent syncs tab

Displays a history of recent synchronization attempts between Invicti and Mend for this specific project, including:

• Timestamps of each sync attempt
• Sync status
• Option to re-run sync manually

We keep the most recent history to reduce the noise, for a greater history visit your Mend instance.

3. Activity tab

The Activity tab displays a chronological log of actions performed on the project, including the action type, the user who performed it, and the date it occurred.