Skip to main content
availability

Package: Invicti AppSec Core (on-demand)

Manage your asset inventory

The Assets management page gives you a complete view of all your assets - targets, projects, and APIs - and lets you act on multiple assets at once. This document explains how to use the page to understand your coverage gaps and apply bulk actions across your inventory.

Why this matters

Managing assets one by one doesn't scale. When you need to assign a team to 30 projects, add a label to a set of targets, or schedule scans across multiple APIs, bulk actions let you do it in a single operation. Keeping your inventory organized - with owners assigned, scans scheduled, and business impact defined - means findings reach the right people at the right priority level from the start.

Invicti assets

Select Inventory > All assets from the left-side menu, then select the Invicti assets tab. The stat cards at the top highlight where your coverage has gaps so you know which assets to act on first:

  • Total assets - the total number of assets in your inventory.
  • Without scanners - assets with no scanner configured. Invicti AppSec won't scan these assets until you assign one.
  • Not scanned in last 30 days - assets that may have drifted out of active coverage.
  • Without issue managers - assets where Invicti AppSec can't route vulnerabilities to a tracker.
  • Without business impact - assets with no risk score; dashboards deprioritize them by default.

Find the assets you need

Use the search bar at the top of the table to filter by asset name. Use the filter icon next to the search bar to narrow results by labels, team, language, product, or other criteria. Adjust Per page to control how many assets appear at once.

Organize and classify assets

Select one or more assets using the checkboxes on the left side of the table. A bulk action panel appears at the top of the page. Select the action you want.

Use these actions to classify your assets and keep your inventory consistent:

  • Add or remove labels - apply shared labels across multiple assets at once, or strip outdated labels from a selection. Assets that already carry a label show it highlighted with a "-" sign; click it to remove. Click an unhighlighted label to add it to all selected assets.
  • Add or remove products - link assets to a product so they appear in the right product-level dashboards. The same highlight pattern as labels applies.
  • Define business impact - set the risk weighting for multiple assets at once. Select Calculate automatically to let Invicti AppSec derive the value from label risk scores, or set it manually. Risk dashboards deprioritize assets without a business impact value.

Assign ownership and routing

Use these actions to make sure each asset has a clear owner and that findings reach the right people:

  • Edit team - assign a team to multiple assets at once. Each team in the panel shows how many of the selected assets it already covers.
  • Assign issue manager - map multiple assets to a project in your issue tracker so Invicti AppSec routes vulnerabilities automatically.
  • Assign notification tool - set the notification channel for the selected assets.

Configure scanning

Use these actions to control how and when scans run across your assets:

  • Schedule scan - assign a scanner to multiple assets and configure when scans run. Only scanners that don't require direct project binding are available. Assets with a repo URL are listed as eligible in the configuration panel.
  • Update scan schedule - change the existing scan schedule for selected assets without reassigning the scanner.
  • Define max. scan duration - set a time limit on how long a scan can run. Useful for keeping scheduled scans within maintenance windows.
  • Validation scan - enable or disable validation scans on multiple assets. Only available when an issue manager is assigned to the selected assets. Configure the triggering event in the settings panel that appears.
  • Add CI/CD security criteria - define the security gates that apply when these assets are built through CI/CD pipelines.
  • Enable or disable repo cloning - control whether Invicti AppSec clones the repository to retrieve contextual data such as code line numbers and committer details. Disable cloning only if this information is already included in the result files you import into Invicti AppSec. A confirmation dialog appears when you apply this change.

Set policies and alert rules

Use these actions to apply consistent policies across multiple assets:

  • Add issue template - apply a template that controls how vulnerabilities from these assets are written to the issue tracker.
  • Add issue criteria - define the conditions under which a vulnerability triggers issue creation in the tracker.
  • Add alert rule - set up alerts that notify your team when scan results from these assets meet a defined condition.

Remove assets you no longer track

Permanent action

Removing assets deletes them from your inventory. You can't undo this action.

Select the assets you want to remove, open the bulk action panel, and select Remove assets. Only remove assets that are genuinely out of scope - archived repositories, decommissioned targets, or duplicate entries.

Code assets

Select Inventory > All assets from the left-side menu, then select the Code assets tab. This tab shows repositories discovered via ALM integrations such as GitHub or GitLab.

The stat cards show your repository coverage at a glance:

  • No. of ALM instances connected - how many ALM integrations are active.
  • No. of repos - the total number of repositories discovered.
  • No. of obsolete repos - repositories that are no longer active in the ALM.
  • Repos not onboarded - repositories discovered but not yet added to your inventory as assets.

Use Sync from ALM to pull in the latest repository list from your connected ALM instances.

Use the search bar at the top of the table to filter by asset name. Use the filter icon next to the search bar to narrow results by other criteria. Adjust Per page to control how many repositories appear at once.

Troubleshooting

The bulk action panel doesn't appear after I select assets

Make sure you've selected at least one asset using the checkbox on the left side of the row. The panel appears at the top of the page only when one or more assets are selected. Bulk actions are only available on the Invicti assets tab.

Some bulk actions are unavailable

Certain actions require prerequisites. Validation scan is only available when an issue manager is already assigned to the selected assets. Schedule scan only lists scanners that don't require direct project binding - if an expected scanner is missing, check that it's active under Integrations.

Repos I expect to see aren't showing up on the Code assets tab

Use Sync from ALM to pull in the latest repository list from your connected ALM instances. If repos are still missing, verify that the ALM integration is active and that your account has access to the relevant repositories in the ALM.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?