🔐 AiDash Security Posture — Setup
These credentials are stored only in your browser's localStorage and sent to the local proxy server. They are never sent to any third party.

Interlynk token is read automatically from ~/.lynk-mcp/token.env by the proxy.
Your Bitbucket account email address — used together with the API token for authentication.
Generate at: Bitbucket → your profile → Personal Settings → API tokens → Create API token → tick Repositories: Read and Projects: Read → Copy token.
Change to your API Gateway URL when deploying to AWS
In Teams: open a channel → ··· → Workflows → search "webhook" → select "Send webhook alerts to a channel" → Next → copy the generated URL. (The old Incoming Webhook connector was retired by Microsoft in 2025.)
Generate at: Codacy → Your Profile → Access Tokens → Add personal API token. Token is stored only in your browser's localStorage and never sent to third parties.
AiDash Security Posture
⚠ Fix These First
Full dataset · ranked by blast radius × KEV × CVSS
💥 Blast Radius
CVEs affecting multiple repos · click to drill in
🔧 Risky to Fix
Critical CVEs + low test coverage
🏷 By Team
Repo-level table · ⬇ CSV per team
📡 Scan Events
💡 How to use this tab: Inspect a repo from the Products tab — its per-repo breakdown, fix availability, and SBOM quality will load here automatically. For org-wide prioritisation, see the Overview tab (requires Fetch All). License Risk is always populated org-wide.
🛠 Fix Availability
Loaded per product on drilldown
No product selected yet
Go to the Inventory tab, find a repo with an SBOM, and click 🔧 Fix Guide → to load its breakdown here.
⚖ License Risk
🩺 SBOM Quality
Loaded per product on drilldown
No product selected yet
SBOM quality findings load automatically when you inspect a product. Low-quality SBOMs mean your CVE count may be understated.
Step 1 — Fetch Complete Data
Reports need data from every product, not a 100-CVE sample. Click Fetch All to iterate through all products with SBOMs, pull the latest version's CVEs (up to 200 per product), and build a complete dataset.
Takes ~30–60 seconds for 100+ products. Uses the existing proxy — no extra setup needed.
No full data loaded yet
Step 2 — Download Reports
🔧 Team Remediation
Every CVE per product, grouped by team. Includes severity, CVSS, KEV flag, fix version, direct vs. transitive. Use to assign fix ownership to engineering leads.
⚠ Fetch full data first for complete results
⚖ License Compliance
All unique licenses org-wide, tiered by legal risk (GPL/AGPL → LGPL/MPL → MIT/Apache). Ready to share with legal for approval/rejection workflow.
Source: Interlynk list_licenses (org-wide, no fetch needed)
📋 SBOM Coverage
All Bitbucket repos with their Interlynk import status — Active (scanning), Stale (SBOM not updated), Imported · No SBOM (added to Interlynk but no pipeline yet), or Not in Interlynk (never imported). Use for planning and audit evidence.
Source: Bitbucket + Interlynk join (no fetch needed)
💥 Blast Radius — CVE Impact
Unique CVEs ranked by how many products are affected. Fixing one CVE here removes risk across the most repos — highest ROI for engineering. Good for executive briefings.
⚠ Fetch full data first for complete results
🗂 Full CVE Inventory
Every CVE across every fetched product in one flat CSV — all severities, all teams. Use for audit evidence or feeding into a ticketing system.
Fetch full data first — this report combines all products.
📌 Coming Soon
📄 Executive Summary PDF — one-pager risk snapshot
📊 Excel Workbook — multi-sheet with charts (Remediation + Coverage + Licenses)
🗂 Audit Evidence Pack — SBOM inventory + policy results