Security insights


Security insights provides detailed insights about your security scan results, helping you resolve security vulnerabilities and improve overall software quality.

Data from workflows, scans, and project management systems is ingested into the platform, indexed, and computed. Reports are connected via a secure API.

Details of the following are displayed:

  • Components, workflows, and successful runs

  • Coding vulnerabilities

  • Workflows and runs by scan type

  • Vulnerabilities by scan type and severity

  • SLA status

  • Mean time to resolve (MTTR) vulnerabilities

  • CWE™ top 25 vulnerabilities present

For any data that is truncated with an ellipsis (…), hover to display the full content. Use the vertical and horizontal scroll bars, if necessary, to view the full content.

Access and filter security insights

Select components and the time frame of data for analysis in the security insights dashboard.

  1. Select Analytics, and then select Security insights.

  2. Filter for the data you want to display by selecting the following:

    1. Select FILTER.

    2. Select one or more Components from the options.

    3. Select a Duration from the following options:

      Table 1. Duration filter definitions

      Current week: Current week in the month, Monday to Sunday schedule. For example, if the current day is Tuesday, only data from Monday and Tuesday are displayed.

      Previous week: Previous week in the month, Monday to Sunday schedule.

      Two weeks back: Two weeks prior in the month, Monday to Sunday schedule.

      Current month: First day of the current month up to the current day.

      Previous month: First day to last day of the previous month.

      Two months back: First day to last day of two months prior.

      Last 7 days: The past seven days.

      Last 30 days: The past 30 days.

      Last 90 days: The past 90 days.

      Custom range: A start date and end date that you select (see Set a custom date range).

    4. Select APPLY.

The data are filtered accordingly and displayed in the security insights dashboard.
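The Duration options in Table 1 define calendar windows, and the boundary rules (Monday-to-Sunday weeks, month bounds, rolling day counts) are where off-by-one mistakes usually hide when a team reproduces dashboard numbers in its own reporting. The following Python is an added example, not code from this documentation or from the product, that computes the inclusive start and end date for each option as the table describes it. It assumes that "Last N days" counts the current day as one of the N days, that Custom range includes both selected dates, and uses a constructed "today" of Tuesday, 12 March 2024; those are assumptions, not statements from the page.

```python
import calendar
from datetime import date, timedelta

# Constructed "today" for the worked run: Tuesday, 12 March 2024 (not from the page).
EXAMPLE_TODAY = date(2024, 3, 12)


def _month_bounds(year, month):
    """First and last calendar day of the given month."""
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, 1), date(year, month, last_day)


def _shift_month(year, month, delta):
    """Move a (year, month) pair by delta months, handling year rollover."""
    index = year * 12 + (month - 1) + delta
    return index // 12, index % 12 + 1


def duration_window(option, today, custom=None):
    """Return the inclusive (start, end) date window for a Duration filter option.

    Weeks run Monday to Sunday, as Table 1 states. "Last N days" is assumed to
    include today as one of the N days; Custom range is assumed inclusive.
    """
    monday = today - timedelta(days=today.weekday())  # Monday of the current week
    if option == "Current week":
        return monday, today  # Monday up to and including today
    if option == "Previous week":
        return monday - timedelta(days=7), monday - timedelta(days=1)
    if option == "Two weeks back":
        return monday - timedelta(days=14), monday - timedelta(days=8)
    if option == "Current month":
        return date(today.year, today.month, 1), today
    if option == "Previous month":
        return _month_bounds(*_shift_month(today.year, today.month, -1))
    if option == "Two months back":
        return _month_bounds(*_shift_month(today.year, today.month, -2))
    if option in ("Last 7 days", "Last 30 days", "Last 90 days"):
        n_days = int(option.split()[1])
        return today - timedelta(days=n_days - 1), today
    if option == "Custom range":
        if custom is None:
            raise ValueError("Custom range requires a (start, end) date pair")
        start, end = custom
        if start > end:
            raise ValueError("custom range start must not be after its end")
        return start, end
    raise ValueError(f"unknown Duration option: {option!r}")


def window_iso(option, today=EXAMPLE_TODAY, custom=None):
    """Same as duration_window, with ISO-8601 strings in and out (handy for logs and tests)."""
    if custom is not None:
        custom = (date.fromisoformat(custom[0]), date.fromisoformat(custom[1]))
    start, end = duration_window(option, today, custom)
    return start.isoformat(), end.isoformat()


def in_window(event_date, option, today=EXAMPLE_TODAY, custom=None):
    """True when a scan or vulnerability event dated event_date falls inside the filter window."""
    start, end = duration_window(option, today, custom)
    return start <= event_date <= end


if __name__ == "__main__":
    for opt in ("Current week", "Previous week", "Two weeks back", "Current month",
                "Previous month", "Two months back", "Last 7 days", "Last 30 days",
                "Last 90 days"):
        print(f"{opt:16s} {window_iso(opt)}")
    print("Custom range    ", window_iso("Custom range", custom=("2024-01-15", "2024-02-10")))
```

The `in_window` helper is the check to apply to each scan or vulnerability record when reconciling an exported dataset against the dashboard: if your own counts differ from the chart, the first thing to compare is which boundary convention each side used for "Last 7 days" and for the week start.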

Set a custom date range

View analytics data for any desired time frame, as in the example below:

Custom time frame
Figure 1. Example Custom range selected.

To set a custom date range:

  1. Select FILTER.

  2. Select Custom range.

  3. (Optional) Select the Left chevron to go to a previous month and year.

  4. Select a date for the time frame start.

  5. (Optional) Select the Right chevron to go to a subsequent month and year.

  6. Select a date for the time frame end.

The custom date range is set accordingly and displayed in blue on the date picker.

Customize the dashboard

Customize the dashboard to display only the charts and tables that matter the most to you.

To customize the dashboard:

  1. Select Analytics on the left pane, and then select the dashboard.

  2. Select the Vertical ellipsis on the top right of the dashboard.

  3. Select Edit dashboard.

  4. (Optional) Remove a chart or table from the dashboard.

    1. Select the Remove icon next to the chart or table you want to remove.

    2. Select SAVE.

  5. (Optional) Add back a chart or table to the dashboard.

    1. Select ADD FROM LIBRARY to display a list of the available charts or tables.

    2. Select ADD TO DASHBOARD next to the item you want.

    3. Select APPLY.

  6. (Optional) Rearrange the items on the dashboard.

    1. Select the Move icon on a chart or table you want to move.

    2. Drag the item to a different location on the dashboard.

System health and runs overview
Figure 2. Editing a dashboard, with move and remove icons highlighted.

The dashboard is customized accordingly.

Only charts and tables that display an icon in their upper-right corner can be edited.

Components, workflows, and successful runs information

Get an overview of components, workflows, and successful runs for the filtered component data in a specified time frame.

As displayed below, the components, workflows, and successful runs charts include total numbers and the numbers with and without scanners:

Totals of components
Figure 3. Example Components, Workflows, and Successful workflow runs charts.

Each chart displays the following details (highlighted in the Components chart):

  1. Total number

  2. A donut chart of percentages with and without scanners

  3. Number with associated scanners

  4. Number without associated scanners

The Components chart also displays the number of associated repositories, and the Workflows chart displays the number of associated branches.

Select a number in the components chart to list:

  • Component name

  • Repository URL

  • Status

  • Last activity date and time

If you select a section of the donut chart, or the active or inactive numbers, the data displayed is for only that subset of components.

In the list, perform any of the following:

  • Select FILTER to filter by status.

    Totals of components
    Figure 4. Filtering the component list with scanners only.
  • Search for specific components by entering all or part of a component name into Search.

  • Select a component name to display runs from that component in a new tab.

Select a number in the workflows chart to list:

  • Workflow name

  • Component name

  • Branch name

  • Status

  • Last activity date and time

If you select a section of the donut chart, or the numbers with or without scanners, the data displayed is for only that subset of workflows.

In the list, perform any of the following:

  • Select FILTER to filter with scanners or without scanners.

  • Search for specific workflows by entering all or part of a workflow name, component name, or branch into Search.

  • Select a component name to display runs from that component in a new tab.

Select a number in the successful workflow runs chart to list:

  • Run ID

  • Workflow name

  • Component name

  • Branch name

  • Scanner name, if present, or a No scanners alert

  • Scanning status

If you select a section of the donut chart, or the numbers with or without scanners, the data displayed is for only that subset of successful runs.

In the list, perform any of the following:

  • Select FILTER to filter with scanners or without scanners.

  • Search by entering all or part of a workflow name, component name, or branch into Search.

  • Select a run ID to display run details in a new tab.

  • Select a component name to display runs from that component in a new tab.

Vulnerabilities overview

Get an overview of vulnerabilities for the filtered component data in a specified time frame.

As in the example below, the Vulnerabilities overview provides the number of vulnerabilities grouped by status:

Vulnerabilities overview
Figure 5. Hovering over a date in a Vulnerabilities overview example.

The overview includes the following:

  1. Total Found, Reopened, Resolved, and Open vulnerabilities. Select a total to display details for just that vulnerability status group.

  2. Hover over a date to display the number of vulnerabilities in each status for that date, or select it to display the details for vulnerabilities on that date.

Vulnerabilities details

The list of vulnerability details includes the following:

  • Vulnerability ID

  • First discovered date and time

  • Vulnerability name

  • Status

  • Severity: Low, Medium, High, or Very high.

  • Number of impacted components

In the list, perform any of the following:

  • Select FILTER to filter by status.

  • Search by entering all or part of one of the following into Search:

    • Vulnerability ID

    • Vulnerability name

    • First discovered date and time

    • Severity

  • Select the Circle arrow next to a vulnerability ID to display a table of the following for that vulnerability:

    • Last discovered date and time

    • Component name: select to display runs from that component in a new tab.

    • Branch name

    • Scanner name

    • Number of occurrences

    • SLA status

    • Vulnerability status

      Vulnerabilities lists
      Figure 6. Vulnerabilities list with a highlighted icon to open the table.

Open and reopened vulnerabilities

The chart of open and reopened vulnerabilities for the filtered component data in a specified time frame displays the mean age of occurrences, and groups the vulnerabilities by severity.

The example chart below displays the number of vulnerabilities, grouped by severity:

Open vulnerabilities
Figure 7. Hovering over a date in the opened vulnerabilities chart.

Open and reopened vulnerabilities includes the following:

  1. Total Very high, High, Medium, and Low severities of vulnerabilities. Select a total to display details for just that severity group.

  2. The candlestick chart displays the mean age of open vulnerabilities.

  3. Hover over a severity group to display the minimum, median, and maximum days open, or select it to display details for just the vulnerabilities at that severity level.

Open and reopened vulnerabilities details

In the details list, perform any of the following:

  • Select FILTER to filter by severity.

  • Search by entering all or part of one of the following into Search:

    • Vulnerability ID

    • First discovered date and time

    • Vulnerability name

    • Severity

  • Select the Circle arrow next to a vulnerability ID to display the following for that vulnerability:

    • Last discovered date and time

    • Component name: select to display runs from that component in a new tab.

    • Branch name

    • Scanner name

    • Number of occurrences

    • SLA status

Scan types in workflows

Get an overview of scan types in workflows for the filtered component data in a specified time frame.

The scan types are Container, DAST, SAST, and SCA.

As in the example below, Scan types in workflows provides the number of workflows and runs grouped by scan type:

Scan types overview
Figure 8. Example of hovering over the Container group in the scan types chart.

Perform any of the following:

  • Hover over a scan type to display the number of workflows and runs with that type.

  • Select either a workflow or a runs bar to display a list of scan details.

Scan details

The scan details list includes:

  • Build number

  • Workflow name

  • Component name

  • Branch name

  • Scan type: Container, DAST, SAST, or SCA.

  • Scanner name

Perform any of the following:

  • Select FILTER to filter by scan type.

  • Search by entering all or part of one of the following into Search:

    • Workflow name

    • Component name

    • Branch name

    • Scan type: Container, DAST, SAST, or SCA.

    • Scanner name

  • Select a Build # to display its run details in a new tab.

Vulnerabilities by security scan type

Get an overview of vulnerabilities grouped by scan type for the filtered component data in a specified time frame.

The example chart below displays the number of vulnerabilities, grouped by scan type:

Vulnerabilities by scan type
Figure 9. Hovering over a scan type in the vulnerabilities chart.

Perform the following with the Vulnerabilities by security scan type chart:

  1. Total vulnerabilities with Container, DAST, SAST, or SCA scan types are displayed. Select a total to display a list of vulnerability details for just that scan type.

  2. Hover to display the number of vulnerabilities in a given scan type, grouped by severity.

  3. Select a bar on the graph to display vulnerability details for just that scan type and severity.

Vulnerability details by scan type

The list of vulnerability details displays the following:

  • Vulnerability ID

  • First discovered date and time

  • Vulnerability name

  • Severity: Low, Medium, High, or Very high

  • Scan type

  • Number of impacted components

In the list, perform any of the following:

  • Select FILTER to filter by scan type and/or severity.

  • Search by entering all or part of any column item (except for Number of impacted components) into Search.

  • Select the Circle arrow next to a vulnerability ID to display the following for that vulnerability:

    • Last discovered date and time

    • Component name: select to display runs from that component in a new tab.

    • Branch name

    • Scanner name

    • Number of occurrences

    • SLA status

    • Vulnerability status

SLA status overview by occurrences

Get an overview of vulnerability occurrence and SLA status for the filtered component data in a specified time frame.

As in the example below, the SLA status overview by occurrences chart provides the number of vulnerabilities grouped by their status and their SLA status:

SLA status overview
Figure 10. An example overview chart of vulnerabilities grouped by SLA status.

The overview includes the following:

  1. Totals of Open vulnerabilities by SLA status:

    • On track: Less than two days

    • At risk

    • Breached

  2. Totals of Closed vulnerabilities by SLA status:

    • Within SLA

    • Breached

Select a bar on the chart to display details for just that status group.

SLA status details

The list of SLA status details includes the following:

  • First discovered date and time

  • Vulnerability name

  • Component name

  • Severity: Low, Medium, High, or Very high.

  • SLA status

  • Vulnerability status

In the list, perform any of the following:

  • Select FILTER to filter by SLA status.

  • Search by entering all or part of any column item into Search.

MTTR for vulnerabilities occurrences

The mean time to resolve (MTTR) is a metric to track how long it takes to fix vulnerabilities. Get an understanding of the MTTR for vulnerabilities (grouped by severity) for the filtered component data in a specified time frame.

The example chart below displays the MTTR of vulnerabilities, grouped by severity:

MTTR by severity
Figure 11. Hovering over a date to display the MTTR by severity.

Perform the following with the MTTR for vulnerabilities occurrences chart:

  1. MTTRs are grouped by severity: Very high, High, Medium, or Low. Select an MTTR to display its details.

  2. Hover over a date to display the MTTR by severity. Select a bar on the chart to display the details list for that date and severity.

MTTR for vulnerabilities details

The details list includes the following:

  • Vulnerability ID

  • First discovered date and time

  • Average resolution time

  • Severity

  • Resolved areas

Perform the following in the details list:

  • Select FILTER to filter by severity.

  • Search by entering all or part of any column item (except for Resolved areas) into Search.

  • Select the Circle arrow next to a vulnerability ID to display the following for that vulnerability:

    • Last discovered date and time

    • Component name: select to display runs from that component in a new tab.

    • Branch name

    • Scanner name

    • Resolution time

    • SLA status

CWE™ Top 25 vulnerabilities

The Common Weakness Enumeration (CWE™) Top 25 is a community-developed list of common software weaknesses. Get an understanding of components impacted by any of the CWE Top 25 vulnerabilities for the filtered component data in a specified time frame.

The CWE Top 25 chart displays the following:

  • CWE ID

  • Vulnerability name

  • Number of impacted components

Select a component number to display CWE Top 25 occurrences details.

CWE™ Top 25 occurrences details

The occurrences details list includes the following:

  • Vulnerability ID

  • First discovered date and time

  • Vulnerability name

  • Severity

  • Number of impacted components

CWE Top 25 details
Figure 12. Example CWE Top 25 vulnerability details.

As in the CWE Top 25 details example above, perform the following:

  1. Select FILTER to filter by vulnerability ID.

  2. Search by entering all or part of any column item (except for Number of impacted components) into Search.

  3. Select the Circle arrow next to a vulnerability ID to display:

    • Last discovered date and time

    • Component name

    • Branch name

    • Scanner name

    • Number of occurrences

    • SLA status

  4. Select a component name to display runs from that component in a new tab.

  5. Select an occurrence number to display the following:

    • Repository URL: select to go to the URL.

    • Locations (file name and line numbers)

    • Message

CWE Top 25 details
Figure 13. Example of selecting a CWE Top 25 occurrence.