Security insights

Security insights provides detailed insights about your security scan results, helping you resolve security vulnerabilities and improve overall software quality.

Data from workflows, scans, and project management systems is ingested into the platform, indexed, and aggregated into the metrics described below. Reports are connected to this data through a secure API.

Details of the following are displayed:

  • Components, workflows, and workflow runs

  • Coding vulnerabilities

  • Workflows and runs by scan type

  • Vulnerabilities by scan type and severity

  • SLA status

  • Mean time to resolve (MTTR) vulnerabilities

  • CWE™ top 25 vulnerabilities present

Use the following features to access the data on this dashboard:

  • Hover to display the full content for any data that is truncated with an ellipsis (…).

  • Use scroll bars (vertical and horizontal) to display hidden content.

Access and filter security insights

Select components and the time frame of data for analysis in the security insights dashboard. By default, all components and the last seven days of data are displayed.

  1. Select Analytics > Security insights.

  2. (Optional) Filter the displayed data as follows:

    1. Select FILTER.

    2. Select one or more Components from the options.

    3. Select a Duration from the following options:

      Table 1. Duration filter definitions

      Duration          Definition
      Current week      Monday of the current week up to the current day. For example, if today is Tuesday, only data from Monday and Tuesday are displayed.
      Previous week     The previous calendar week, Monday to Sunday.
      Two weeks back    The calendar week before the previous week, Monday to Sunday.
      Current month     First day of the current month up to the current day.
      Previous month    First day to last day of the previous month.
      Two months back   First day to last day of the month two months before the current one.
      Last 7 days       The past seven days.
      Last 30 days      The past 30 days.
      Last 90 days      The past 90 days.
      Custom range      A start and end date that you select (see Set a custom date range below).

    4. Select APPLY.

The data are filtered accordingly and displayed in the security insights dashboard.
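The Duration options are fixed calendar windows, and reproducing them exactly matters when you pull the same data through the API for your own reporting and want your counts to match the dashboard. The following Python is an added example, not the platform's code: it computes the inclusive start and end dates for each option from a reference day. Weeks start on Monday as the table states; the assumption that "Last N days" includes the current day is mine, since the page does not say.

```python
from datetime import date, timedelta
from typing import Tuple


def duration_range(option: str, today: date) -> Tuple[date, date]:
    """Return the inclusive (start, end) dates for a Duration filter option.

    Weeks run Monday to Sunday, as the Duration table states. "Current week"
    and "Current month" end at today, because no data exists for later days.
    Assumption (not stated on the page): "Last N days" includes today, so
    "Last 7 days" covers today and the six days before it.
    """
    monday = today - timedelta(days=today.weekday())   # weekday(): Monday == 0
    first_of_month = today.replace(day=1)
    last_of_prev_month = first_of_month - timedelta(days=1)

    if option == "Current week":
        return monday, today
    if option == "Previous week":
        return monday - timedelta(days=7), monday - timedelta(days=1)
    if option == "Two weeks back":
        return monday - timedelta(days=14), monday - timedelta(days=8)
    if option == "Current month":
        return first_of_month, today
    if option == "Previous month":
        return last_of_prev_month.replace(day=1), last_of_prev_month
    if option == "Two months back":
        # Step back one more month: replace(day=1) then -1 day lands on the
        # last day of the month before, whatever its length (28, 29, 30, 31).
        last_of_two_back = last_of_prev_month.replace(day=1) - timedelta(days=1)
        return last_of_two_back.replace(day=1), last_of_two_back
    if option.startswith("Last ") and option.endswith(" days"):
        n = int(option.split()[1])                    # "Last 30 days" -> 30
        return today - timedelta(days=n - 1), today
    raise ValueError(f"unknown Duration option: {option!r}")


def custom_range(start: date, end: date, today: date) -> Tuple[date, date]:
    """Validate a Custom range as the date picker would: start <= end <= today."""
    if start > end:
        raise ValueError("custom range start is after its end")
    if end > today:
        raise ValueError("custom range ends in the future")
    return start, end


if __name__ == "__main__":
    # Tuesday 5 March 2024: "Current week" is just Monday and Tuesday.
    ref = date(2024, 3, 5)
    for opt in ("Current week", "Previous week", "Two weeks back", "Current month",
                "Previous month", "Two months back", "Last 7 days", "Last 30 days",
                "Last 90 days"):
        start, end = duration_range(opt, ref)
        print(f"{opt:16s} {start} .. {end}")
```

Month arithmetic is done by stepping to the first of a month and subtracting a day rather than by subtracting 30 days, so "Previous month" on 5 March 2024 returns 1 to 29 February (leap year) and "Two months back" on 15 January returns 1 to 30 November of the previous year.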

Set a custom date range

To set a custom date range:

  1. Select FILTER.

  2. Select Custom range.

  3. Select dates for the time frame start and end.

The custom date range is set accordingly and shown in blue on the date picker, and the dashboard displays analytics data for that time frame, as in the example below:

Figure 1. Example Custom range selected.

Customize the dashboard

Customize the dashboard to display only the charts and tables that matter the most to you.

Only charts and tables that display a Delete icon in the upper-right corner can be edited.

To customize the dashboard:

  1. Select Analytics on the left pane, and then select the dashboard.

  2. Select the Vertical ellipsis icon at the top right of the dashboard.

  3. Select Edit dashboard.

  4. (Optional) Remove a chart or table from the dashboard.

    1. Select Delete next to the chart or table you want to remove.

    2. Select Save.

  5. (Optional) Add back a chart or table to the dashboard.

    1. Select Add chart/table to display a list of the available charts or tables.

    2. Select Add to dashboard next to the item to add.

    3. Select Apply.

  6. (Optional) Rearrange items on the dashboard by dragging them into place.

The dashboard is customized accordingly.

Components, workflows, and workflow runs information

Get an overview of components, workflows, and workflow runs for the filtered component data in a specified time frame.

As displayed below, the components, workflows, and workflow runs charts include total numbers and those with and without scanning:

Figure 2. Example Components, Workflows, and Workflow runs charts.

Each chart displays the following details (highlighted in the Components chart):

  1. Total number

  2. A donut chart of percentages with and without scanners

  3. Number with associated scanners

  4. Number without associated scanners

The Components chart also displays the number of associated repositories, and the Workflows chart displays the number of associated branches.

Select a number in the components chart to list the following:

  • Component name

  • Repository URL

  • Status

  • Last activity date and time

If you select a section of the donut chart, or the numbers with or without scanners, the data displayed is for only that subset of components.

In the list, perform any of the following:

  • Select FILTER to filter to components with scanners or without scanners.

    Figure 3. Filtering the component list with scanners only.
  • Search for specific components by entering all or part of a component name into Search.

  • Select a component name to display runs from that component in a new browser tab.

Select a number in the workflows chart to list:

  • Workflow name

  • Component name

  • Branch name

  • Status

  • Last activity date and time

If you select a section of the donut chart, or the numbers with or without scanners, the data displayed is for only that subset of workflows.

In the list, perform any of the following:

  • Select FILTER to filter with scanners or without scanners.

  • Search for specific workflows by entering all or part of a workflow name, component name, or branch into Search.

  • Select a component name to display runs from that component in a new browser tab.

Select a number in the workflow runs chart to list:

  • Run ID

  • Workflow name

  • Component name

  • Branch name

  • Scanner name, if present, or No scanners alert

  • Scanning status: if you use scanners for workflow runs, the scan status displays as Scanned or Not scanned. Otherwise, the scan status displays as Not applicable.

If you select a section of the donut chart, or the numbers with or without scanners, the data displayed is for only that subset of workflow runs.

In the list, perform any of the following:

  • Select FILTER to filter with scanners or without scanners.

  • Search by entering all or part of a workflow name, component name, or branch into Search.

  • Select a run ID to display run details in a new browser tab.

  • Select a component name to display runs from that component in a new browser tab.

Vulnerabilities overview

Get an overview of vulnerabilities for the filtered component data in a specified time frame.

As in the example below, the Vulnerabilities overview provides the number of vulnerabilities grouped by status:

Figure 4. Hovering over a date in a Vulnerabilities overview example.

The overview includes the following:

  1. Total Found, Reopened, Resolved, and Open vulnerabilities. Select a total to display details for just that vulnerability status group.

  2. Hover over a date to display the number of vulnerabilities in each status for that date, or select it to display the details for vulnerabilities on that date.

Vulnerabilities details

The list of vulnerability details includes the following:

  • Vulnerability ID

  • First discovered date and time

  • Vulnerability name

  • Status

  • Severity: Low, Medium, High, or Very high.

  • Number of impacted components

In the list, perform any of the following:

  • Select FILTER to filter by status.

  • Search by entering all or part of one of the following into Search:

    • Vulnerability ID

    • Vulnerability name

    • First discovered date and time

    • Severity

  • Select the Circle arrow next to a vulnerability ID to display a table of the following for that vulnerability:

    • Last discovered date and time

    • Component name: select to display runs from that component in a new browser tab.

    • Branch name

    • Scanner name

    • Number of occurrences

    • SLA status

    • Vulnerability status

      Figure 5. Vulnerabilities list with a highlighted icon to open the table.

Open and reopened vulnerabilities

The chart of open and reopened vulnerabilities for the filtered component data in a specified time frame groups the vulnerabilities by severity and displays, for each severity, the distribution of how long the occurrences have been open (minimum, median, and maximum days).

The example chart below displays the number of vulnerabilities, grouped by severity:

Figure 6. Hovering over a date in the opened vulnerabilities chart.

Open and reopened vulnerabilities includes the following:

  1. Totals of vulnerabilities at Very high, High, Medium, and Low severity. Select a total to display details for just that severity group.

  2. The candlestick chart displays the age distribution of open vulnerabilities for each severity.

  3. Hover over a severity group to display the minimum, median, and maximum days open, or select it to display details for just the vulnerabilities at that severity level.

Open and reopened vulnerabilities details

In the details list, perform any of the following:

  • Select FILTER to filter by severity.

  • Search by entering all or part of one of the following into Search:

    • Vulnerability ID

    • First discovered date and time

    • Vulnerability name

    • Severity

  • Select the Circle arrow next to a vulnerability ID to display the following for that vulnerability:

    • Last discovered date and time

    • Component name: select to display runs from that component in a new browser tab.

    • Branch name

    • Scanner name

    • Number of occurrences

    • SLA status

Scan types in workflows

Get an overview of scan types in workflows for the filtered component data in a specified time frame.

The scan types are Container, DAST, SAST, and SCA.

As in the example below, Scan types in workflows provides the number of workflows and runs grouped by scan type:

Figure 7. Example of hovering over the Container group in the scan types chart.

Perform any of the following:

  • Hover over a scan type to display the number of workflows and runs with that type.

  • Select either the workflows bar or the runs bar for a scan type to display a list of scan details.

Scan details

The scan details list includes:

  • Build number

  • Workflow name

  • Component name

  • Branch name

  • Scan type: Container, DAST, SAST, or SCA.

  • Scanner name

Perform any of the following:

  • Select FILTER to filter by scan type.

  • Search by entering all or part of one of the following into Search:

    • Workflow name

    • Component name

    • Branch name

    • Scan type: Container, DAST, SAST, or SCA.

    • Scanner name

  • Select a Build # to display its run details in a new browser tab.

Vulnerabilities by security scan type

Get an overview of vulnerabilities grouped by scan type for the filtered component data in a specified time frame.

The example chart below displays the number of vulnerabilities, grouped by scan type:

Figure 8. Hovering over a scan type in the vulnerabilities chart.

Perform any of the following with the Vulnerabilities by security scan type chart:

  1. Totals of vulnerabilities found by Container, DAST, SAST, and SCA scans are displayed. Select a total to display a list of vulnerability details for just that scan type.

  2. Hover over a scan type to display the number of vulnerabilities in that scan type, grouped by severity.

  3. Select a bar on the graph to display vulnerability details for just that scan type and severity.

Vulnerability details by scan type

The list of vulnerability details displays the following:

  • Vulnerability ID

  • First discovered date and time

  • Vulnerability name

  • Severity: Low, Medium, High, or Very high

  • Scan type

  • Number of impacted components

In the list, perform any of the following:

  • Select FILTER to filter by scan type and/or severity.

  • Search by entering all or part of any column item (except for Number of impacted components) into Search.

  • Select the Circle arrow next to a vulnerability ID to display the following for that vulnerability:

    • Last discovered date and time

    • Component name: select to display runs from that component in a new browser tab.

    • Branch name

    • Scanner name

    • Number of occurrences

    • SLA status

    • Vulnerability status

SLA status overview by occurrences

Get an overview of vulnerability occurrences and their SLA status for the filtered component data in a specified time frame.

As in the example below, the SLA status overview by occurrences chart provides the number of vulnerabilities grouped by their status and their SLA status:

Figure 9. An example overview chart of vulnerabilities grouped by SLA status.

The overview includes the following:

  1. Totals of Open vulnerabilities by SLA status:

    • On track: Less than two days

    • At risk

    • Breached

  2. Totals of Resolved vulnerabilities by SLA status:

    • Within SLA

    • Breached

Select a bar on the chart to display details for just that status group.

SLA status details

The list of SLA status details includes the following:

  • First discovered date and time

  • Vulnerability name

  • Component name

  • Severity: Low, Medium, High, or Very high.

  • SLA status

  • Vulnerability status

In the list, perform any of the following:

  • Select FILTER to filter by SLA status.

  • Search by entering all or part of any column item into Search.

MTTR for vulnerabilities occurrences

The mean time to resolve (MTTR) is a metric that tracks how long, on average, it takes to fix vulnerabilities after they are discovered. Get an understanding of the MTTR for vulnerabilities (grouped by severity) for the filtered component data in a specified time frame.

The example chart below displays the MTTR of vulnerabilities, grouped by severity:

Figure 10. Hovering over a date to display the MTTR by severity.

Perform the following with the MTTR for vulnerabilities occurrences chart:

  1. MTTR values are grouped by severity: Very high, High, Medium, or Low. Select an MTTR value to display its details.

  2. Hover over a date to display the MTTR by severity. Select a bar on the chart to display the details list for that date and severity.
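The SLA status groups (On track, At risk, and Breached for open occurrences; Within SLA and Breached for resolved ones), the minimum, median, and maximum days open in the Open and reopened vulnerabilities chart, and the MTTR by severity are all derived from the same two timestamps per occurrence: when it was first discovered and when it was resolved. The following Python is an added example, not the platform's implementation, that computes all three from constructed occurrence records. The SLA windows per severity and the two-day at-risk threshold are assumptions; the page does not state the thresholds the dashboard uses.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, median
from typing import Dict, List, Optional, Tuple

# Assumption: the page does not state the dashboard's SLA thresholds. These are
# illustrative days allowed from first discovery to resolution, per severity.
SLA_DAYS = {"Very high": 7, "High": 30, "Medium": 90, "Low": 180}
# Assumption: an open occurrence is "At risk" once fewer than this many days
# remain before its SLA deadline.
AT_RISK_WINDOW = timedelta(days=2)
DAY = 86400.0  # seconds, for converting timedeltas to fractional days


@dataclass
class Occurrence:
    vuln_id: str
    component: str
    severity: str
    first_discovered: datetime
    resolved: Optional[datetime] = None   # None while the occurrence is still open


def sla_status(occ: Occurrence, now: datetime) -> Tuple[str, str]:
    """Return (vulnerability status, SLA status) for one occurrence."""
    due = occ.first_discovered + timedelta(days=SLA_DAYS[occ.severity])
    if occ.resolved is not None:
        return "Resolved", "Within SLA" if occ.resolved <= due else "Breached"
    if now > due:
        return "Open", "Breached"
    if due - now < AT_RISK_WINDOW:
        return "Open", "At risk"
    return "Open", "On track"


def sla_overview(occs: List[Occurrence], now: datetime) -> Dict[str, Dict[str, int]]:
    """Counts by vulnerability status, then SLA status, as in the SLA status overview chart."""
    counts = {"Open": {"On track": 0, "At risk": 0, "Breached": 0},
              "Resolved": {"Within SLA": 0, "Breached": 0}}
    for occ in occs:
        status, sla = sla_status(occ, now)
        counts[status][sla] += 1
    return counts


def mttr_by_severity(occs: List[Occurrence]) -> Dict[str, float]:
    """Mean days from first discovery to resolution, per severity, over resolved occurrences."""
    durations: Dict[str, List[float]] = {}
    for occ in occs:
        if occ.resolved is None:
            continue                       # open occurrences have no resolution time yet
        days = (occ.resolved - occ.first_discovered).total_seconds() / DAY
        durations.setdefault(occ.severity, []).append(days)
    return {sev: mean(d) for sev, d in durations.items()}


def open_age_stats(occs: List[Occurrence], now: datetime) -> Dict[str, Tuple[float, float, float]]:
    """(min, median, max) days open per severity, the figures shown when hovering a severity group."""
    ages: Dict[str, List[float]] = {}
    for occ in occs:
        if occ.resolved is None:
            age = (now - occ.first_discovered).total_seconds() / DAY
            ages.setdefault(occ.severity, []).append(age)
    return {sev: (min(a), median(a), max(a)) for sev, a in ages.items()}


# Constructed sample data, not from the page. Component names are hypothetical.
NOW = datetime(2024, 3, 5, 12, 0)
SAMPLE = [
    Occurrence("V-1", "payments-api", "Very high", datetime(2024, 3, 1, 12, 0)),   # due 8 Mar: On track
    Occurrence("V-2", "web-frontend", "Very high", datetime(2024, 2, 28, 12, 0)),  # due 6 Mar: At risk
    Occurrence("V-3", "web-frontend", "High", datetime(2024, 1, 1, 12, 0)),        # due 31 Jan: Breached
    Occurrence("V-4", "payments-api", "High", datetime(2024, 2, 1, 12, 0),
               resolved=datetime(2024, 2, 11, 12, 0)),                             # 10 days: Within SLA
    Occurrence("V-5", "auth-service", "High", datetime(2024, 1, 1, 12, 0),
               resolved=datetime(2024, 2, 20, 12, 0)),                             # 50 days: Breached
    Occurrence("V-6", "auth-service", "Low", datetime(2024, 3, 3, 12, 0),
               resolved=datetime(2024, 3, 4, 12, 0)),                              # 1 day: Within SLA
]

if __name__ == "__main__":
    print(sla_overview(SAMPLE, NOW))
    print(mttr_by_severity(SAMPLE))
    print(open_age_stats(SAMPLE, NOW))
```

Note that MTTR is computed only over resolved occurrences, so a severity with a long tail of still-open findings can show a short MTTR while its SLA overview shows many breaches; read the two charts together.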

MTTR for vulnerabilities details

The details list includes the following:

  • Vulnerability ID

  • First discovered date and time

  • Average resolution time

  • Severity

  • Resolved areas

Perform the following in the details list:

  • Select FILTER to filter by severity.

  • Search by entering all or part of any column item (except for Resolved areas) into Search.

  • Select the Circle arrow next to a vulnerability ID to display the following for that vulnerability:

    • Last discovered date and time

    • Component name: select to display runs from that component in a new browser tab.

    • Branch name

    • Scanner name

    • Resolution time

    • SLA status

CWE™ Top 25 vulnerabilities

The Common Weakness Enumeration (CWE™) Top 25 is a community-developed list, published by MITRE, of the most dangerous common software weaknesses. Get an understanding of components impacted by any of the CWE Top 25 weaknesses for the filtered component data in a specified time frame.

The CWE Top 25 chart displays the following:

  • CWE ID

  • Vulnerability name

  • Number of impacted components

Select a component number to display CWE Top 25 occurrences details.
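The chart counts impacted components, not occurrences: one component with the same weakness in three files contributes one to this chart and three to the occurrence details that follow. The following Python is an added example, not the platform's code, that performs that roll-up over constructed scanner findings keyed by CWE ID. It uses the 2023 edition of the CWE Top 25; the list is republished yearly, so the set would need refreshing in real use.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# The 2023 CWE Top 25 Most Dangerous Software Weaknesses (cwe.mitre.org), by CWE ID.
# The list is revised every year; replace this set with the current edition.
CWE_TOP_25_2023 = {
    787, 79, 89, 416, 78, 20, 125, 22, 352, 434, 862, 476, 287,
    190, 502, 77, 119, 798, 918, 306, 362, 269, 94, 863, 276,
}


def cwe_top25_rollup(findings: List[dict]) -> Dict[int, Tuple[str, int, int]]:
    """Roll scanner findings up to CWE Top 25 entries.

    Returns {cwe_id: (vulnerability name, impacted components, occurrences)}.
    Impacted components counts distinct component names; occurrences counts
    every finding, so repeated hits in one component raise only the latter.
    Findings whose CWE is outside the Top 25 are dropped.
    """
    components: Dict[int, set] = defaultdict(set)
    occurrences: Dict[int, int] = defaultdict(int)
    names: Dict[int, str] = {}
    for f in findings:
        cwe = f["cwe"]
        if cwe not in CWE_TOP_25_2023:
            continue
        components[cwe].add(f["component"])
        occurrences[cwe] += 1
        names.setdefault(cwe, f["name"])
    return {cwe: (names[cwe], len(components[cwe]), occurrences[cwe]) for cwe in components}


# Constructed findings, not from the page; component names and paths are hypothetical.
# The "cwe" field is what a SAST or SCA scanner would attach to each result.
SAMPLE_FINDINGS = [
    {"cwe": 79, "name": "Cross-site Scripting", "component": "web-frontend", "location": "src/render.js:42"},
    {"cwe": 79, "name": "Cross-site Scripting", "component": "web-frontend", "location": "src/search.js:17"},
    {"cwe": 79, "name": "Cross-site Scripting", "component": "admin-portal", "location": "views/user.html:8"},
    {"cwe": 89, "name": "SQL Injection", "component": "payments-api", "location": "db/query.py:101"},
    {"cwe": 1004, "name": "Sensitive Cookie Without HttpOnly", "component": "web-frontend", "location": "src/session.js:3"},
]

if __name__ == "__main__":
    for cwe, (name, impacted, occ) in sorted(cwe_top25_rollup(SAMPLE_FINDINGS).items(),
                                             key=lambda kv: -kv[1][1]):
        print(f"CWE-{cwe:<4} {name:28s} components={impacted} occurrences={occ}")
```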

CWE™ Top 25 occurrences details

The occurrences details list includes the following:

  • Vulnerability ID

  • First discovered date and time

  • Vulnerability name

  • Severity

  • Number of impacted components

Figure 11. Example CWE Top 25 vulnerability details.

As in the CWE Top 25 details example above, perform the following:

  1. Select FILTER to filter by vulnerability ID.

  2. Search by entering all or part of any column item (except for Number of impacted components) into Search.

  3. Select the Circle arrow next to a vulnerability ID to display:

    • Last discovered date and time

    • Component name

    • Branch name

    • Scanner name

    • Number of occurrences

    • SLA status

  4. Select a component name to display runs from that component in a new browser tab.

  5. Select an occurrence number to display the following:

    • Repository URL: select to go to the URL.

    • Locations (file name and line numbers)

    • Message

Figure 12. Example of selecting a CWE Top 25 occurrence.

Compare metrics

Use this feature to compare metrics among all organizations (orgs) and sub-organizations (sub-orgs) in the tenant. You can compare metrics within select charts in the analytics dashboards. In the generated list of all orgs/sub-orgs, sort by the org/sub-org name or its status. Select an org to drill down to the component level to display a more fine-grained status list. Hover over a status item to display more information.

You can only compare metrics for charts that display a Two arrows icon in the upper right.

To compare metrics:

  1. Select Analytics on the left pane, and then select a dashboard.

  2. Select any Two arrows on the upper right of a chart to display the list of orgs/sub-orgs and their status.

    The number of items in the compare metrics list equals the total displayed in the chart.
  3. (Optional) Hover over a status to display more information.

  4. (Optional) Select Sort down or Sort up next to a column heading to sort on that heading.

  5. (Optional) Select an org to list more information about each sub-org and/or component within that org.

  6. (Optional) Select a sub-org to list more details about each sub-org and/or component within that sub-org.

The list of the status of all orgs/sub-orgs/components for the specific metric is displayed.