Risk Register - One View to See, Search, and Act on Risk

Risk Register is a new tab in the DryRun Security dashboard that centralizes findings from PR scans and DeepScans. It gives AppSec, DevSecOps, and engineering leaders a clear starting point to track, triage (coming soon), and act on risk across the entire org.

  • See all findings from all PRs and DeepScans together.
  • Understand where risk is concentrated by repo, type, and severity.
  • Use filters to move from org-level insight to actionable lists in seconds.
  • Prioritize work by Critical/High first, then drill into specifics.

Why it matters

Previously, you could only open a single PR at a time and work the findings in that narrow context. Now, Risk Register shows all findings from all PRs in one place, plus DeepScan findings. That unified view exposes your risk level across the organization and surfaces how many issues you have at each severity in a single screen.

Risk Register Features

  • Unified findings table across all repositories for PR scans and DeepScans
  • Search box to instantly locate findings by file, repo, or keyword
  • Sortable by Risk (with more sort options coming)
  • Industry-standard severities: Critical, High, Medium, Low
  • Filters to focus the view:
    • Date ranges
    • Risk level (Critical, High, Medium, Low)
    • Agent (DeepScan, PR)
    • Status (Merged, Open, Closed)

Severity Model

DryRun Security is moving to industry-standard severities:

  • PR scans: mapping aligns closely to Fail → Critical, Risky → High, Info → Low.
  • DeepScan and other analyzers: normalized to the same four-level model.
  • Configuration-aware: the final severity reflects your analyzer setup in the Default or Custom Configs.

What’s Coming Next

Risk Register will evolve into a true workflow hub:

  • Interactive triage: update status, assign owners, add notes, and change priority from the table
  • Finding detail pages: click any finding to open a dedicated view with full context and remediation guidance
  • Full table sorting for all columns (Type, File, Repo, Detected Date, Agent, PR Status)

FAQs

Does the Risk Register replace the PR or DeepScan pages?
No. Those views remain for deep context. Risk Register provides a unified starting point, with finding-level detail pages coming soon.

How are severities determined?
We normalize outputs to Critical/High/Medium/Low. For PR scans, this aligns closely with Fail, Risky, and Info. These values are set in the Default or Custom Configs.

Which columns can I sort today?
Risk is sortable now. Type, File, Repo, Detected Date, Agent, and PR Status will be sortable in an upcoming release.

What filters are available?
Filter by Date range, Risk level, Agent (DeepScan, PR), and Status (Merged, Open, Closed).

Will I be able to assign, change status, or add notes?
Yes. Interactive triage is coming soon, along with a finding detail page and ticketing options.