Security insights

Security insights provides detailed insights about your security scan results, helping resolve security vulnerabilities and improve overall software quality.

The dashboard charts display a range of information on project activity, including:

Components, workflows, and successful workflow runs.
Vulnerabilities overview, open and reopened vulnerabilities.
Scan type in workflows, vulnerabilities by security scan type.
SLA status overview by occurrences, Mean time to repair (MTTR) for vulnerabilities occurrences.
CWETM top 25 vulnerabilities.

Select the dashboard time frame to be any of the following:

Current week
Previous week
Two weeks back
Current month (default)
Previous month
Two months back

Filter security insights

If desired, filter security insights by component and time frame. The default dashboard view displays all component activity for the current month.

Select the next to Analytics on the left pane, select Security insights, and then select FILTER.

Figure 1. Select FILTER to display the filtering options.

Select one or more Components from the options.
Select a Time frame from the options.
Select RESET FILTERS to select the default options.
Select to close the pane.

Explore components, workflows, and successful workflow runs

Figure 2. Example Components, Workflows, and Successful workflow run charts.

Components: The donut chart indicates that 44 components have a workflow file with a security scan step and 382 components with no scan security step, out of total 426 components.
- Select the Total components, With Scanners, or Without Scanners number links to display a list of total components and components having a workflow file with or without the security scan step, respectively, for the selected time frame. Each list includes:
  - Component name
  - Repository
  - Scanners
Workflows: The donut chart indicates that out of 426 components, users have created 2648 workflow YAML files across all branches. There are 1707 branches in the 414 repositories. Out of 2648 workflow files, 247 files contain a scan step, and 2401 are without scan steps.
- Select the Total workflows, With Scanners, or Without Scanners number links to display a list of total workflow files and workflow files with or without the security scan step, respectively, for the selected time frame. Each list includes:
  - Workflow
  - Component
  - Branch
  - Workflow runs
  - Scanners
Successful workflow runs: The donut chart indicates that the workflow runs are executed 10066 times, out of which 1133 are executed with the scan step, and 8933 are executed without the scan step.
- Select the Total runs, With Scanners, or Without Scanners number links to display a list of total workflow runs and the number of workflow runs executed with or without the security scan step, respectively, for the selected time frame. Each list includes:
  - Run ID
  - Workflow
  - Component
  - Branch
  - Scanner name
  - Scan status

Explore successful workflow runs

Click on the total runs to display the below list:

Figure 3. Example list of Successful workflow runs.

Explore vulnerabilities overview and open & reopened vulnerabilities

Figure 4. Example Vulnerabilities Overview and Open & reopened vulnerabilities charts.

Vulnerabilities Overview: The graph displays that out of 752 found vulnerabilities, there are 726 open, five reopened, and 21 resolved. Each occurrence of a unique vulnerability ID is treated as one count; for example, if a component has three vulnerabilities with the same vulnerability ID, they will be counted as one.
- Found: The new vulnerabilities found in the selected duration and sub-organization.
- Reopen: The vulnerabilities found in the previous duration that were closed in the past but are found again in the current duration.
- Resolved: The vulnerabilities that were found in the previous or current duration and are resolved and no longer appear in the security scan.
- Open: The unresolved vulnerabilities.
Open & reopened vulnerabilities: The graph displays how long the vulnerabilities are open. Each vulnerability is categorized based on the severity level.

Explore open and reopened vulnerabilities

Figure 5. Selecting the VERY HIGH bar displays the duration of open vulnerabilities.

The candle stick graph displays the vulnerabilities over time (denominated in weeks). VERY HIGH bar in the graph,displays the number of hours and days for which the vulnerabilities of very high severity level are opened.

Explore scan types and security scan type

Figure 6. Example Scan types in workflows and Security scan type charts.

Scan types in workflows: They indicate how many vulnerabilities are found per Scanner type. The gray column displays the number of workflows and the blue column displays the number of workflow runs. Vulnerabilities are classified by the following scanners:
- SAST
- Container
- DAST
- SCA
Vulnerabilities by security scan type: The number of unique vulnerabilities that are found per scanner type.

Explore SLA status and MTTR for vulnerabilities

Figure 7. Example SLA status overview by occurrences and MTTR for vulnerabilities occurrences charts.

SLA status overview by occurrences: The chart indicates the number of vulnerabilities that are on track, at risk, or breached. Please contact CloudBees Support to modify these settings.
MTTR for vulnerabilities occurrences: The chart displays the mean time to resolve the vulnerabilities.

Explore CWETM top 25 vulnerabilities

Figure 8. Example list of affected components for the selected vulnerability ID.

Select the number to the upper right of the top 25 high risk vulnerabilities, to display the components where the vulnerabilities are found:

Figure 9. Example list of the affected components.

If you select the arrow in the left, you can see the below data from the code base:

Figure 10. CWETM top 25 vulnerabilities.