Protect

Edit online

IBM® Concert helps you connect your application data and begin analyzing risks across your code and dependencies.

The flow guides you through connecting your repositories, running analysis, and reviewing risk insights to begin with actions.Protect
  1. Connect a source code repository: Provide the URL of a GitHub repository that you want Concert to analyze.
  2. Authenticate with GitHub: Provide a classic GitHub personal access token (PAT). The token allows Concert to securely access your repositories without storing your GitHub password.
  3. Select repositories: Concert discovers repositories that you have access to. You can:
    • Select active repositories automatically, or
    • Manually choose repositories if no active repositories are detected
  4. Optional advanced settings: Before confirming your selection, you can refine the onboarding configuration:
    • Application grouping: Create a new application or associate repositories with an existing application.
    • Branch selection: Specify which branch to analyze for each repository.
  5. Confirm and start analysis: After you confirm your selection, Concert submits the scan and begins analysis in the background.
You can monitor scan progress from the provided status link while Concert prepares risk insights across the following dimensions:
  • CVE risk (known vulnerabilities)
  • SAST risk (code-level issues)
  • Package risk (third-party dependency risk)
When the analysis is complete, Concert automatically transitions you to the Protect dashboard, where you can:
  • Review risk insights related to vulnerabilities, exposures, and packages
  • Understand which repositories and components are affected
  • Begin prioritizing remediation actions based on risk context

The Protect emphasizes what needs attention without exposing environment-level or operational views that are not relevant to development tasks. For more information, see Protect dashboard.