Settings
Configure your VulnTrack instance
Integration Status
Monitor and control your data source integrations
Loading integrations...
Last sync: Never synced •
Token with repo, read:org, and security_events scopes
Used to verify webhook payloads from GitHub
| Status | Started | Completed | Items | Details |
|---|---|---|---|---|
Configuration Options: Click the Configure button on each integration to set up credentials via the UI, or use environment variables as a fallback.
UI settings take precedence over environment variables when both are present.
Data Synchronization
Sync data from GitHub, Upwind, and Jira
No data sources configured. They will be auto-created when credentials are set in environment variables.
Restart the server to auto-provision data sources.
Google Directory
Sync users and groups from Google Workspace
Google Directory Not Configured
Set up a service account with domain-wide delegation to enable user sync.
Required environment variables:
GOOGLE_SERVICE_ACCOUNT_KEY- Path to service account JSON keyGOOGLE_ADMIN_EMAIL- Admin email for impersonationGOOGLE_ALLOWED_DOMAIN- Your Google Workspace domain
Run ./scripts/setup-google-directory-api.sh to set up the service account.
Connected Domain
Admin Email
Import all users from Google Directory to the local database.
Import a Google Group as a VulnTrack team with all its members.
Select Google Group
Type at least 2 characters to search
Loading groups...
No groups found matching ""
Search for a Google Group to create a team
Automatic Sync: Google Directory users are automatically synced every hour in the background.
GitHub Repositories
Configure which repositories to scan for vulnerabilities, secrets, and SBOM
Search for repositories in your GitHub organization and click to add
Enter a repository in owner/repo format if you know the exact name
Loading repositories...
No repositories configured
Add repositories to start scanning for vulnerabilities, secrets, and dependencies.
After syncing, findings will appear on the global dashboard.
CODEOWNERS Scan Results
Auto-Assigned Owners
Unmatched Owners
These owners don't have existing team mappings. Assign them to teams via CODEOWNERS import on the team page.
Top-Level Directories
No scan results available for this repository.
Jira Projects
Configure which Jira projects are available for team mappings
Loading projects...
No Jira projects configured
Add projects to link them to teams.
Upwind Sync Settings
Configure how vulnerabilities are synced from Upwind
Runtime agent (SENSOR) detects vulnerabilities that are actually running in your clusters via eBPF. These findings are more actionable because they confirm the vulnerable code is in active use.
Static scanner (CLOUD_SCANNER) analyzes container images for potential vulnerabilities. These may include vulnerabilities in packages that aren't actually in use at runtime.
Upwind Resources
Configure which Kubernetes clusters and namespaces are available for team mappings
Loading resources...
No Upwind resources configured
Add clusters and namespaces to link them to teams.
Data Management
View and manage unassigned findings (data without team mappings)
Loading data counts...
How Data Flows: Repositories added above are scanned for vulnerabilities, secrets, and SBOM data. Findings appear on the global dashboard immediately. You can then create teams and assign resources (directories, CODEOWNERS, etc.) to filter findings down to each team's scope.
Unassigned findings are those from scanned repos that haven't been linked to a team yet.
Vulnerability Findings
Threat Detections
Secret Alerts
SBOM Packages
Purge Unassigned Data
Purge All Unassigned Data
Remove all unassigned findings, threats, secrets, and SBOM packages at once
All findings are assigned to teams
No unassigned data to purge
Confirm Purge
Are you sure you want to permanently delete ? This action cannot be undone.