> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pipefort.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Insights

> Which rules hurt the most across your organization, and org-wide export.

The per-repo pages tell you what's wrong *in one repository*. **Insights**
(sidebar → Insights) answers the cross-cutting question: *which rules fire the
most across the whole organization* — usually the fastest way to decide what
to fix first, because one bad pattern (an unpinned action, a missing
permissions block) tends to repeat across many workflows.

## Worst rules

Every rule that fires in any repository's **latest scan** gets a row, ranked
worst-first (severity, then occurrences, then repos affected). Expand a row to
see exactly which repositories are affected, each linking to its
[repository page](/webapp/overview) for triage or fixing.

Two semantics worth knowing:

* **Triage-aware.** Findings you've dismissed, accepted, or marked false
  positive are excluded — the ranking reflects the same actionable-risk
  numbers as the dashboard, per [finding triage](/webapp/finding-triage).
* **Latest scans only.** Each repository contributes its most recent scan;
  repositories never scanned don't appear.

Everything is computed in your browser from the same row-level-security-scoped
reads the rest of the app uses — switching the
[organization](/webapp/organizations) switches the ranking.

## Org-wide export

The **CSV** and **JSON** buttons download every open finding from every
repository's latest scan, tagged with its repository:

* **CSV** — one row per finding with a leading `repository` column; drops
  straight into a spreadsheet for reporting.
* **JSON** — findings grouped per repository.

SARIF is deliberately per-repo only (on each repository page): a single SARIF
run mixing files from different repositories doesn't upload meaningfully to
code scanning.
