Project

A Project is a continuous security entity within an organization. While an Assessment is a single scan run, a Project represents an ongoing relationship with a specific codebase or target. It owns a source (repository or archive series), can enable PR review, scheduled scans, and monitoring, and maintains a living knowledge base that makes each subsequent assessment faster and more accurate.

Source

A project owns a source: either a connected VCS repository (GitHub or GitLab) or an uploaded archive series. The project maintains a revision history with named refs (e.g. production by default), so you can pin assessments to specific points in your codebase history. Once a project has revisions, the provider and repository are immutable. You cannot swap the source repo without creating a new project. For archive-based projects, each upload adds a new revision to the series, preserving a complete history of tested revisions and their timestamps.

Continuous capabilities

A project can enable three continuous capabilities, each independent of individual assessments:

PR Review

Each pull request against the project's repository triggers an automated security review. The agent audits changed paths and posts inline comments with fix suggestions. See PR Review.

For VCS-backed projects, the Source tab includes a webhook delivery log. It shows recent push and pull-request events, whether AISafe processed or ignored them, and the reason when ignored.

Scheduled Scans

You can configure recurring scan cadences (e.g. each day, each week, each month). AISafe materializes due occurrences and creates normal assessments. See Scheduled Scans.

Monitoring

Monitoring re-validates each finding's proof-of-concept and alerts you when a fix regresses or a previously safe area becomes vulnerable. See Monitoring.

Living knowledge base

Each project owns a living knowledge base: a persistent store that accumulates context across scans. A project-bound assessment loads prior findings, code structure understanding, and triage decisions from this knowledge base at start. At completion, the assessment saves new knowledge back. Your second scan of a repo is faster and more accurate than the first. Results improve over time as more assessments accumulate.

Project-bound vs standalone assessments

Assessments may belong to a project. Project-bound code audits take their source from the project. You choose which revision/ref and an optional path scope. Project-bound pentests inherit the project's blackbox configuration as defaults. Standalone assessments (not bound to any project) retain their existing behavior, with no knowledge base loading.
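As an added illustration (not AISafe's own code; class names, field names and triage labels are assumptions), this Python model shows the behaviours described above: a revision history with named refs, a source that becomes immutable once revisions exist, and a knowledge base whose triage decisions carry over to the next project-bound assessment while a standalone run loads nothing.

```python
from dataclasses import dataclass, field
from typing import Optional

# Added illustrative model of the project lifecycle described on this page.
# Not AISafe's code: class names, field names and triage labels are assumptions.

@dataclass(frozen=True)
class Finding:
    rule: str   # e.g. "sql-injection"
    path: str   # file the finding points at (line numbers drift, so not part of identity)

@dataclass
class Project:
    provider: str                                   # "github" | "gitlab" | "archive"
    repo: str
    revisions: list = field(default_factory=list)   # revision ids, oldest first
    refs: dict = field(default_factory=dict)        # named ref -> revision id
    knowledge: dict = field(default_factory=dict)   # Finding -> triage decision

    def add_revision(self, rev: str, ref: str = "production") -> None:
        """Each push or upload appends a revision; the named ref pins it."""
        self.revisions.append(rev)
        self.refs[ref] = rev

    def set_source(self, provider: str, repo: str) -> None:
        """The source may only change while the project has no revisions."""
        if self.revisions:
            raise ValueError("provider and repo are immutable once revisions exist")
        self.provider, self.repo = provider, repo

    def triage(self, finding: Finding, decision: str) -> None:
        """Record a human decision ("confirmed" / "false_positive") in the knowledge base."""
        self.knowledge[finding] = decision

def run_assessment(raw: list, project: Optional[Project] = None) -> dict:
    """Split raw scanner output using prior triage; a standalone run loads nothing."""
    known = project.knowledge if project is not None else {}
    result = {"new": [], "suppressed": [], "open": []}
    for f in raw:
        decision = known.get(f)
        if decision == "false_positive":
            result["suppressed"].append(f)   # prior triage carries over: no re-review
        elif decision == "confirmed":
            result["open"].append(f)         # already known and still present
        else:
            result["new"].append(f)          # unseen or untriaged: needs attention
    if project is not None:
        for f in result["new"]:              # at completion, save new knowledge back
            project.knowledge.setdefault(f, "untriaged")
    return result
```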