Project Management - NeoTrak Knowledge Base

How to Add Projects

When you click "Add Project", you will see 4 options:

1. CI/CD

Use with GitHub Actions, GitLab CI/CD, or Jenkins for automated project creation.

2. GitHub

Connect your GitHub account and import repositories directly.

3. GitLab

Connect your GitLab account and import repositories directly.

4. Upload File

Manually upload a file for quick project creation.

Creating API Secrets (Required for CI/CD)

Before using CI/CD (GitHub Actions, GitLab CI/CD, or Jenkins), you need to create API Secrets.

Important: The secret is shown only once! Make sure to copy and save your Client ID and Client Secret somewhere safe.

Way 1: From Sidebar

Look at the Left Sidebar
Find the navigation menu on the left side.
Click on "API Secrets"
Click the API Secrets option in the sidebar.
Click "Generate New Secret"
Click the button to create a new secret.
Enter a Name
Give your secret a descriptive name.
Choose Expiration Time
Select from: 7 days, 30 days, 60 days, 90 days, never, or custom.
Click "Generate"
Generate your new API secret.
Copy and Save
Copy your Client ID and Client Secret immediately.

Way 2: From CI/CD Option

Go to Projects Page
Navigate to the Projects section.
Click "Add Project"
Open the Add Project modal.
Choose "CI/CD"
Select the CI/CD option.
Click "Create API Secret"
Click the button shown below the CI/CD options.
Follow the Steps
Complete the same steps as above to generate your secret.

Method 1: Using CI/CD

This method uses CI/CD tools to automatically create projects when you push code. Inside the CI/CD option, you will see 3 choices:

GitHub Actions GitLab CI/CD Jenkins

Option A: Using GitHub Actions

Go to Projects Page
Navigate to the Projects section in NeoTrak.
Click "Add Project"
Open the Add Project modal.
Choose "CI/CD"
Select the CI/CD option from the 4 available methods.
Select "GitHub Actions"
Choose GitHub Actions from the three CI/CD options.
Copy the Code Snippet
You will see a code snippet displayed - copy this code.
Go to Your GitHub Repository
Open your GitHub repository in a browser or IDE.
Create Workflows Folder
Create or open the .github/workflows folder.
Create YAML File
Create a new .yml file (e.g., neotrak.yml).
Paste the Code
Paste the copied code into this file and save.
Add GitHub Secrets
Go to Settings → Secrets and variables → Actions → New repository secret. Add the secrets shown in NeoTrak.
Run the Action
Push your code or run the GitHub Action manually.
Project Created!
Your project will be created automatically in NeoTrak!

Option B: Using GitLab CI/CD

Go to Projects Page
Navigate to the Projects section in NeoTrak.
Click "Add Project"
Open the Add Project modal.
Choose "CI/CD"
Select the CI/CD option.
Select "GitLab CI/CD"
Choose GitLab CI/CD from the options.
Copy the Code Snippet
Copy the displayed code snippet.
Go to Your GitLab Repository
Open your GitLab project.
Open .gitlab-ci.yml
Create or open the .gitlab-ci.yml file in the project root.
Paste the Code
Paste the copied code and save the file.
Add GitLab Variables
Go to Settings → CI/CD → Variables. Add the secrets shown in NeoTrak.
Run the Pipeline
Push your code or run the pipeline manually.
Project Created!
Your project will be created automatically in NeoTrak!

Option C: Using Jenkins

Go to Projects Page
Navigate to the Projects section in NeoTrak.
Click "Add Project"
Open the Add Project modal.
Choose "CI/CD"
Select the CI/CD option.
Select "Jenkins"
Choose Jenkins from the options.
Copy the Code Snippet
Copy the displayed Jenkinsfile code.
Create Jenkinsfile
Create a Jenkinsfile in your project root.
Paste the Code
Paste the copied code and save the file.
Configure Jenkins Credentials
Go to Manage Jenkins → Credentials. Add the required credentials shown in NeoTrak.
Create Jenkins Job
Create a new Jenkins job or pipeline pointing to your repository.
Run the Job
Execute the Jenkins job.
Project Created!
Your project will be created automatically in NeoTrak!

Method 2: Connect Your GitHub Account

This method lets you directly connect your GitHub account and import projects from your repositories.

Go to Projects Page
Navigate to the Projects section.
Click "Add Project"
Open the Add Project modal.
Choose "GitHub"
Select the GitHub option (you will see GitHub icon).
Click "Connect GitHub"
Click the Connect GitHub button.
Login to GitHub
You will be redirected to GitHub login page.
Authorize NeoTrak
Click "Authorize" to give NeoTrak permission to access your repositories.
Return to NeoTrak
After authorization, you will return to NeoTrak.
Select Account/Team
Choose your GitHub Account or Team from the list.
Click "Next"
Proceed to repository selection.
Select Repository
Choose the repository you want to import.
Click "Next"
Proceed to branch selection.
Select Branch
Choose the branch (main, master, dev, etc.).
Click "Create Project"
Finalize the project creation.
Done!
Your project is created and you can see all the security details.

Method 3: Connect Your GitLab Account

This method lets you directly connect your GitLab account and import projects from your repositories.

Go to Projects Page
Navigate to the Projects section.
Click "Add Project"
Open the Add Project modal.
Choose "GitLab"
Select the GitLab option (you will see GitLab icon).
Click "Connect GitLab"
Click the Connect GitLab button.
Login to GitLab
You will be redirected to GitLab login page.
Authorize NeoTrak
Click "Authorize" to give NeoTrak permission to access your projects.
Return to NeoTrak
After authorization, you will return to NeoTrak.
Select GitLab Group
Choose your GitLab Group from the list.
Click "Next"
Proceed to repository selection.
Select Repository
Choose the repository you want to import.
Click "Next"
Proceed to branch selection.
Select Branch
Choose the branch (main, master, dev, etc.).
Click "Create Project"
Finalize the project creation.
Done!
Your project is created and you can see all the security details.

Method 4: Upload File Directly

This is the simplest way to add a project by manually uploading a file.

Go to Projects Page
Navigate to the Projects section.
Click "Add Project"
Open the Add Project modal.
Choose "Upload File"
This option is selected by default.
Fill Project Details
Enter: Project Name (Required), Version (Optional), Description (Optional), Tags (Optional).
Upload Your File
Drag and drop your file or click to browse and select from your computer.
Select File Type
Choose the type from dropdown: SBOM, Java, Python, etc.
Click "Add"
Submit the form to create the project.
Wait for Upload
Wait while the file uploads and is analyzed.
Done!
Your project is created and you can see all the security analysis.

Projects Page Overview

The Projects Page displays a comprehensive list of all projects within the current workspace.

Key Metrics Displayed

Total Projects

Count of all projects in the workspace.

Risk Score

Overall security risk assessment across all projects.

Vulnerable Projects

Number of projects with identified vulnerabilities.

Supply Chain Findings

Summary of supply chain security issues detected.

Project List Table Columns

Column	Description
Project Name	Display name of the project
Vulnerabilities	Count of Critical, High, Medium, and Low vulnerabilities
EOL Findings	Number of End of Life components detected
Last Scan Date	Timestamp of the most recent scan
Scan Status	Updated status of the scan

Actions Available Per Project

Refresh - Triggers a new scan, re-analyzes for vulnerabilities, updates dependency information
Delete - Removes the project (soft delete), requires confirmation

Additional Features

Sort Options - Sort in Ascending (ASC) or Descending (DESC) order
Download Button - Export all projects data to Excel (.xlsx) file including project name, version, vulnerability counts, EOL findings, and last scan date

Project Details Page

When you click on a Project Name from the projects list, you navigate to the Project Details Page which provides comprehensive information about the selected project.

Top Action Buttons

SBOM Tree

Displays hierarchical tree view of software components, showing parent-child relationships and dependency structure.

Export Button

Download SBOM (CycloneDX/SPDX JSON) or Download Excel with all component details.

Add Service

Manually add products/services that weren't automatically detected.

Project Details Tabs

Services Components Issues Secrets Config Issues

1. Services Tab

Displays all products/services associated with the project, both auto-detected and manually added.

Column	Description
Product Name	Name of the product/service
Released Version	Version currently in use
Active Support	Support status (calculated dynamically)
Latest Version	Most recent version available
Actions	Edit or remove the service

Active Support Calculation: Product Version Validity Date - Current Date = Days Remaining

High Risk - Past end-of-support date
Medium Risk - Expires within 90 days
Low Risk - Valid for more than 90 days

2. Components Tab

Lists all software components and dependencies with vulnerability information.

Filter Options: Severity Filter, Outdated Version Filter, Vulnerability Filter

Auto Update: Choose Major, Minor, or Both version updates to generate an updated SBOM or dependency file.

3. Issues Tab

Shows all security vulnerabilities with CVE/GHSA IDs, severity, descriptions, and remediation advice.

4. Secrets Tab

Displays detected secrets and sensitive information in the codebase.

Column	Description
Rules	Detection rule (AWS Access Key, GitHub Token, etc.)
Secret File Name	File path where secret was detected
Action	Suppress option to hide findings
Description	Secret type and security impact

5. Config Issues Tab

Shows configuration-related security issues and misconfigurations.

Column	Description
Branch Name	Git branch where issue was detected
Target Path	File path of affected config file
Count	Number of issues found
Status	Open, Resolved, or Ignored

Expanded rows show: Severity, Description, Resolution steps, and Suppress button for false positives.