Monitor and analyze your security scan results through the security insights dashboard to identify vulnerabilities, track resolution progress, and assess security posture across components. The dashboard provides comprehensive views of scan results, SLA compliance, and vulnerability trends to help you prioritize and manage security issues effectively.
| If you are using CI Multibranch Pipelines, you must configure your Jenkinsfile to install the scanner, run it, and publish the report; otherwise no scanning data appears in security insights. |

Use the following features to access the data on this dashboard:
Access security insights dashboard
To access the security insights dashboard:
-
Select .
The security insights dashboard loads with default filtering showing all components and the last seven days of data.
Filter dashboard data
Select components and the time frame of data for analysis in the security insights dashboard.
To filter the dashboard data:
-
Select FILTER.
-
Select one or more Components from the options.
-
Select a Duration from the following options:
Table 1. Duration filter definitions

| Duration | Definition |
|---|---|
| Current week | The current week, Monday to Sunday, up to the current day. For example, if the current day is Tuesday, only data from Monday and Tuesday is displayed. |
| Previous week | The previous week, Monday to Sunday. |
| Two weeks back | The week two weeks prior, Monday to Sunday. |
| Current month | The first day of the current month up to the current day. |
| Previous month | The first day to the last day of the previous month. |
| Two months back | The first day to the last day of the month two months prior. |
| Last 7 days | The past seven days. |
| Last 30 days | The past 30 days. |
| Last 90 days | The past 90 days. |
| Custom range | |
-
Select APPLY.
The data are filtered accordingly and displayed in the security insights dashboard.
Customize the dashboard
Customize the dashboard to display only the charts and tables that matter the most to you.
| Only charts and tables with |
To customize the dashboard:
-
Select Analytics on the left pane, and then select the dashboard.
-
Select the icon on the top right of the dashboard.
-
Select Edit dashboard.
-
(Optional) Remove a chart or table from the dashboard.
-
Select the icon next to the chart or table you want to remove.
-
Select Save.
-
(Optional) Add back a chart or table to the dashboard.
-
Select Add chart/table to display a list of the available charts or tables.
-
Select Add to dashboard next to the item to add.
-
Select Apply.
-
(Optional) Rearrange items on the dashboard by dragging them into place.
The dashboard is customized accordingly.
Analyze components and workflow data
Get an overview of components, workflows, and workflow runs for the filtered component data in a specified time frame.
The components, workflows, and workflow runs charts include total numbers and those with and without scanning:
Each chart displays the following details (highlighted in the Components chart):
-
Total number
-
A donut chart of percentages with and without scanners
-
Number with associated scanners
-
Number without associated scanners
| The Components chart also displays the number of associated repositories, and the Workflows chart displays the number of associated branches. |
View components details
To view components details:
-
Select a number in the components chart.
The system displays a list showing:
-
Component name
-
Repository URL
-
Status
-
Last activity date and time
| If you select a section of the donut chart, or the active or inactive numbers, the data displayed is for only that subset of components. |
In the components list, perform any of the following:
-
Select FILTER to filter by scanner type.
Figure 2. Filtering the component list with scanners only.
-
Search for specific components by entering all or part of a component name into Search.
-
Select a component name to display runs from that component in a new browser tab.
View workflows details
To view workflows details:
-
Select a number in the workflows chart.
The system displays a list showing:
-
Workflow name
-
Component name
-
Branch name
-
Status
-
Last activity date and time
| If you select a section of the donut chart, or the numbers with or without scanners, the data displayed is for only that subset of workflows. |
In the workflows list, perform any of the following:
-
Select FILTER to filter with scanners or without scanners.
-
Search for specific workflows by entering all or part of a workflow name, component name, or branch into Search.
-
Select a component name to display runs from that component in a new browser tab.
View workflow runs details
To view workflow runs details:
-
Select a number in the workflow runs chart.
The system displays a list showing:
-
Run ID
-
Workflow name
-
Component name
-
Branch name
-
Scanner name, if present, or No scanners alert
-
Scanning status
| If you use scanners for workflow runs, the scan status displays as Scanned or Not scanned. Otherwise, the scan status displays as Not applicable. If you select a section of the donut chart, or the numbers with or without scanners, the data displayed is for only that subset of workflow runs. |
In the workflow runs list, perform any of the following:
-
Select FILTER to filter with scanners or without scanners.
-
Search by entering all or part of a workflow name, component name, or branch into Search.
-
Select a run ID to display run detail in a new browser tab.
-
Select a component name to display runs from that component in a new browser tab.
Examine vulnerability overview
Get an overview of vulnerabilities for the filtered component data in a specified time frame. A unique code signature defines each vulnerability. In this way, you can track issues over time, and recurring issues are not treated as newly found.
CloudBees Unify can detect fixed vulnerabilities. When a vulnerability is detected as fixed, the following occurs:
-
The status is updated to Resolved.
-
The first discovery timestamp is cleared.
-
The time of the current scan is recorded as the resolved time.
Vulnerabilities are divided into four status groups, based on whether the same signature is detected in the current scan and in the previous scan:

| Status group | Detected in current scan | Detected in previous scan |
|---|---|---|
| Found | Yes | No |
| Reopened | Yes | Marked resolved |
| Resolved | No | Yes (last known status Open or Reopened) |
| Open | Yes | Yes |
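The status rules in the table above, worked through in code. This is an added example, not CloudBees Unify's own code: it keeps one record per code signature, applies three constructed scans, and captures the resolution time in hours at the moment a finding is resolved, because the first-discovered timestamp is cleared at that point. The signature scheme (rule ID, file path and whitespace-normalized snippet), the record fields, and the decision that a reopened finding starts a new discovery clock are assumptions.

```python
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional, Set


@dataclass
class VulnRecord:
    signature: str
    status: str                               # Found, Open, Reopened or Resolved
    first_discovered: Optional[datetime]      # cleared when the finding is resolved
    resolved_at: Optional[datetime] = None
    resolution_hours: Optional[float] = None  # captured before first_discovered is cleared


def code_signature(rule_id: str, path: str, snippet: str) -> str:
    """Assumed signature scheme: hash of rule ID, file path and whitespace-normalized code.

    Line numbers are deliberately left out, so a finding that merely moves or is
    reformatted is still recognized as the same vulnerability on the next scan.
    """
    normalized = re.sub(r"\s+", " ", snippet).strip()
    return hashlib.sha256(f"{rule_id}|{path}|{normalized}".encode()).hexdigest()[:16]


def apply_scan(previous: Dict[str, VulnRecord], current: Set[str],
               scan_time: datetime) -> Dict[str, VulnRecord]:
    """Return the records after a scan that detected exactly the signatures in `current`.

    Found:    in the current scan, never seen before
    Open:     in the current scan and in the previous one (Found, Open or Reopened)
    Reopened: in the current scan, last known status Resolved
    Resolved: absent from the current scan, last known status Found, Open or Reopened
    """
    updated: Dict[str, VulnRecord] = {}
    for sig, rec in previous.items():
        if sig in current:
            if rec.status == "Resolved":
                # The old discovery time was cleared on resolution, so a reopened
                # finding starts a new clock at this scan (assumption).
                updated[sig] = VulnRecord(sig, "Reopened", scan_time)
            else:
                updated[sig] = VulnRecord(sig, "Open", rec.first_discovered)
        elif rec.status == "Resolved":
            updated[sig] = rec  # still fixed, nothing changes
        else:
            hours = None
            if rec.first_discovered is not None:
                hours = (scan_time - rec.first_discovered) / timedelta(hours=1)
            # This scan's time becomes the resolved time and first_discovered is
            # cleared, so the resolution time for MTTR has to be captured now.
            updated[sig] = VulnRecord(sig, "Resolved", None, scan_time, hours)
    for sig in current - set(previous):
        updated[sig] = VulnRecord(sig, "Found", scan_time)
    return updated


def status_counts(records: Dict[str, VulnRecord]) -> Dict[str, int]:
    """Totals for the Found / Reopened / Resolved / Open tiles of the overview."""
    counts = {"Found": 0, "Reopened": 0, "Resolved": 0, "Open": 0}
    for rec in records.values():
        counts[rec.status] += 1
    return counts


# Constructed history of three scans (not real scanner output).
T1 = datetime(2025, 1, 6, 9, 0)
T2 = T1 + timedelta(hours=48)
T3 = T1 + timedelta(hours=72)
SQLI = code_signature("py.sqli", "app/db.py", 'cur.execute("SELECT * FROM u WHERE id=" + uid)')
SQLI_REFORMATTED = code_signature("py.sqli", "app/db.py", 'cur.execute("SELECT * FROM u WHERE id="  +  uid)')
XSS = code_signature("js.xss", "web/view.js", "el.innerHTML = req.query.q")
SECRET = code_signature("py.secret", "app/cfg.py", 'API_KEY = "..."')


def run_history() -> Dict[str, VulnRecord]:
    scans = [
        (T1, {SQLI, XSS}),               # both first seen
        (T2, {SQLI_REFORMATTED}),        # XSS fixed; SQLi still there, code reformatted
        (T3, {SQLI, XSS, SECRET}),       # XSS regressed, new hard-coded secret
    ]
    records: Dict[str, VulnRecord] = {}
    for scan_time, found in scans:
        records = apply_scan(records, found, scan_time)
    return records


if __name__ == "__main__":
    for rec in run_history().values():
        print(rec)
    print(status_counts(run_history()))
```

After the third scan the SQL injection finding is Open with its original discovery time (the reformatted code hashed to the same signature), the XSS finding is Reopened, and the secret is Found; the XSS resolution at the second scan was recorded as 48 hours before its first-discovered time was cleared.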
The Vulnerabilities overview provides the number of vulnerabilities grouped by status:
The overview includes the following:
-
Total Found, Reopened, Resolved, and Open vulnerabilities. Select a total to display details for just that vulnerability status group.
-
Hover over a date to display the number of vulnerabilities in each status for that date, or select it to display the details for vulnerabilities on that date.
Investigate vulnerability details
To investigate specific vulnerability details:
-
Select vulnerability status totals or dates in the vulnerabilities overview chart.
The system displays vulnerability details including:
-
Vulnerability ID
-
First discovered date and time
-
Vulnerability name
-
Status
-
Severity: Rated by the security tool as Low, Medium, High, or Critical.
-
Number of impacted components
In the vulnerability details list, perform any of the following:
-
Select FILTER to filter by status.
-
Search by entering all or part of one of the following into Search:
-
Vulnerability ID
-
Vulnerability name
-
First discovered date and time
-
Severity
-
Select the icon next to a vulnerability ID to display a table showing:
-
Last discovered date and time
-
Component name: select to display runs from that component in a new browser tab.
-
Branch name
-
Scanner name
-
Number of occurrences
-
SLA status
-
Vulnerability status
Figure 4. Vulnerabilities list with a highlighted icon to open the table.
Monitor vulnerability age and severity
The ages of open and reopened vulnerabilities for the filtered component data in a specified time frame are plotted on box and whisker plots, grouped by severity, and display the data distribution through their quartiles.
How to interpret the box plots:
-
The plot box for a given severity group represents the middle 50% of vulnerability ages.
-
The bisecting line of the box represents the median age.
-
The plot whiskers represent the minimum and maximum ages for that severity group.
The Open and reopened vulnerabilities chart includes the following:
-
Totals of Critical, High, Medium, and Low severity vulnerabilities. Select a total to display details for just that severity group.
-
In the example chart, the Critical box plot has a small spread, indicating that issues of this severity are resolved promptly, whereas the Medium box plot has a wide spread, indicating that issues of this severity sometimes have a delayed resolution.
-
Hover over a severity group to display the minimum, median, and maximum days open, or select it to display details for just the vulnerabilities at that severity level.
View open and reopened vulnerability details
To view detailed information about open and reopened vulnerabilities:
-
Select severity totals or box plots in the open and reopened vulnerabilities chart.
In the details list, perform any of the following:
-
Select FILTER to filter by severity.
-
Search by entering all or part of one of the following into Search:
-
Vulnerability ID
-
First discovered date and time
-
Vulnerability name
-
Severity
-
Select the icon next to a vulnerability ID to display the following for that vulnerability:
-
Last discovered date and time
-
Component name: select to display runs from that component in a new browser tab.
-
Branch name
-
Scanner name
-
Number of occurrences
-
SLA status
Review scan type coverage
Get an overview of scan types in workflows for the filtered component data in a specified time frame.
The scan types are Container, DAST, SAST, and SCA. The Scan types in workflows chart provides the number of workflows and runs grouped by scan type:
To review scan type coverage:
-
Hover over a scan type to display the number of workflows and runs with that type.
-
Select either a workflow or a runs bar to display a list of scan details.
View scan details
To view detailed scan information:
-
Select workflow or run bars in the scan types chart.
The scan details list includes:
-
Build number
-
Workflow name
-
Component name
-
Branch name
-
Scan type: Container, DAST, SAST, or SCA.
-
Scanner name
Perform any of the following:
-
Select FILTER to filter by scan type.
-
Search by entering all or part of one of the following into Search:
-
Workflow name
-
Component name
-
Branch name
-
Scan type: Container, DAST, SAST, or SCA.
-
Scanner name
-
Select a Build # to display the run details in a new browser tab.
Analyze vulnerabilities by scan type
Get an overview of vulnerabilities grouped by scan type for the filtered component data in a specified time frame.
The vulnerabilities by security scan type chart displays the number of vulnerabilities, grouped by scan type:
To analyze vulnerabilities by scan type:
-
Review total vulnerabilities with Container, DAST, SAST, or SCA scan types. Select a total to display a list of vulnerability details for just that scan type.
-
Hover to display the number of vulnerabilities in a given scan type, grouped by severity.
-
Select a bar on the graph to display vulnerability details for just that scan type and severity.
View vulnerability details by scan type
To view vulnerability details filtered by scan type:
-
Select scan type totals or bars in the vulnerabilities by scan type chart.
The list of vulnerability details displays the following:
-
Vulnerability ID
-
First discovered date and time
-
Vulnerability name
-
Severity: Rated by the security tool as Low, Medium, High, or Critical
-
Scan type
-
Number of impacted components
In the list, perform any of the following:
-
Select FILTER to filter by scan type and/or severity.
-
Search by entering all or part of any column item (except for Number of impacted components) into Search.
-
Select the icon next to a vulnerability ID to display the following for that vulnerability:
-
Last discovered date and time
-
Component name: select to display runs from that component in a new browser tab.
-
Branch name
-
Scanner name
-
Number of occurrences
-
SLA status
-
Vulnerability status
Track SLA compliance
Get an overview of vulnerability occurrence and SLA status for the filtered component data in a specified time frame.
All open vulnerabilities are grouped by SLA status, defined as how long each has remained unresolved:
-
On track: Open less than two days.
-
At risk: Open more than two days but less than three days.
-
Breached: Open three days or more, which exceeds the allowed SLA resolution time.
All resolved vulnerabilities are grouped by SLA status, defined as how long each remained unresolved:
-
Within SLA: Resolved within three days.
-
Breached: Resolved after three days or more, which exceeds the allowed SLA resolution time.
The SLA status overview by occurrences chart provides the number of vulnerabilities grouped by their status and their SLA status:
The overview includes the following:
-
Totals of Open vulnerabilities by SLA status.
-
Totals of Resolved vulnerabilities by SLA status.
To track SLA compliance:
-
Select a bar on the chart to display details for just that status group.
View SLA status details
To view detailed SLA information:
-
Select SLA status bars in the SLA overview chart.
The list of SLA status details includes the following:
-
First discovered date and time
-
Vulnerability name
-
Component name
-
Severity: Rated by the security tool as Low, Medium, High, or Critical.
-
SLA status
-
Vulnerability status
In the list, perform any of the following:
-
Select FILTER to filter by SLA status.
-
Search by entering all or part of any column item into Search.
Evaluate mean time to resolve (MTTR)
The mean time to resolve (MTTR) is a metric to track how long it takes to fix vulnerabilities. MTTR is calculated as the time in hours from the time of first discovery of a vulnerability to the time of the scan when it is marked Resolved. Get an understanding of the MTTR for vulnerabilities (grouped by severity) for the filtered component data in a specified time frame.
| All vulnerabilities included in the MTTR data must be marked as resolved by a scan and must have a valid first discovery date and time. |
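The SLA thresholds from Track SLA compliance, the minimum/median/maximum age summary behind the box plots in Monitor vulnerability age and severity, and the MTTR rule stated above, applied to a constructed set of findings. This is an added example, not CloudBees Unify's own code. The two-day and three-day thresholds are the ones this page states; the record layout, the choice to count an age of exactly two days as At risk, and the sample data are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, median
from typing import Dict, List, Optional, Tuple

AT_RISK_AFTER = timedelta(days=2)
BREACH_AFTER = timedelta(days=3)


@dataclass
class Vuln:
    vuln_id: str
    severity: str                         # Critical, High, Medium or Low
    status: str                           # Found, Open, Reopened or Resolved
    first_discovered: Optional[datetime]  # may be missing for imported findings
    resolved_at: Optional[datetime] = None


def open_sla_status(v: Vuln, now: datetime) -> str:
    """On track under 2 days, At risk from 2 to under 3 days, Breached at 3 days or more."""
    age = now - v.first_discovered
    if age < AT_RISK_AFTER:
        return "On track"
    if age < BREACH_AFTER:  # assumption: exactly two days counts as At risk
        return "At risk"
    return "Breached"


def resolved_sla_status(v: Vuln) -> str:
    """Within SLA if fixed in under 3 days, otherwise Breached."""
    return "Within SLA" if v.resolved_at - v.first_discovered < BREACH_AFTER else "Breached"


def sla_overview(vulns: List[Vuln], now: datetime) -> Dict[str, Dict[str, int]]:
    """Counts per SLA status: Open (Found/Open/Reopened) and Resolved groups."""
    out = {"Open": {"On track": 0, "At risk": 0, "Breached": 0},
           "Resolved": {"Within SLA": 0, "Breached": 0}}
    for v in vulns:
        if v.first_discovered is None:
            continue  # no discovery time, so no clock to measure against
        if v.status == "Resolved":
            if v.resolved_at is not None:
                out["Resolved"][resolved_sla_status(v)] += 1
        else:
            out["Open"][open_sla_status(v, now)] += 1
    return out


def age_summary(vulns: List[Vuln], now: datetime) -> Dict[str, Tuple[float, float, float]]:
    """(min, median, max) days open per severity: the whiskers and median line of the box plot."""
    ages: Dict[str, List[float]] = {}
    for v in vulns:
        if v.status != "Resolved" and v.first_discovered is not None:
            ages.setdefault(v.severity, []).append((now - v.first_discovered) / timedelta(days=1))
    return {sev: (min(a), median(a), max(a)) for sev, a in ages.items()}


def mttr_by_severity(vulns: List[Vuln]) -> Dict[str, float]:
    """Mean hours from first discovery to the resolving scan, per severity.

    Only findings marked Resolved by a scan that also have a valid first-discovered
    time are included, as the page requires; V-6 below is therefore skipped.
    """
    hours: Dict[str, List[float]] = {}
    for v in vulns:
        if v.status == "Resolved" and v.resolved_at and v.first_discovered:
            hours.setdefault(v.severity, []).append(
                (v.resolved_at - v.first_discovered) / timedelta(hours=1))
    return {sev: mean(h) for sev, h in hours.items()}


# Constructed sample, evaluated at NOW (not real scan data).
NOW = datetime(2025, 1, 10, 6, 0)
SAMPLE = [
    Vuln("V-1", "Critical", "Resolved", datetime(2025, 1, 1), datetime(2025, 1, 2)),          # 24 h
    Vuln("V-2", "Critical", "Resolved", datetime(2025, 1, 1), datetime(2025, 1, 4, 12)),      # 84 h, breached
    Vuln("V-3", "High", "Open", datetime(2025, 1, 8)),                                        # 2.25 days open
    Vuln("V-4", "High", "Reopened", datetime(2025, 1, 5, 6)),                                 # 5 days open
    Vuln("V-5", "Low", "Found", datetime(2025, 1, 9, 12)),                                    # 18 h open
    Vuln("V-6", "Medium", "Resolved", None, datetime(2025, 1, 9)),                            # no discovery time
]

if __name__ == "__main__":
    print(sla_overview(SAMPLE, NOW))
    print(age_summary(SAMPLE, NOW))
    print(mttr_by_severity(SAMPLE))
```

The MTTR for Critical comes out at 54 hours even though one of the two findings breached its SLA, which is why the page presents MTTR and SLA status as separate charts: a mean hides the breached tail that the SLA view surfaces.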
The MTTR for vulnerabilities chart displays the MTTR of vulnerabilities, grouped by severity:
To evaluate MTTR:
-
Review MTTRs grouped by severity, as rated by the security tool: Critical, High, Medium, or Low. Select an MTTR to display its details.
-
Hover over a date to display the MTTR by severity. Select a bar on the chart to display the details list for that date and severity.
View MTTR details
To view detailed MTTR information:
-
Select MTTR totals or bars in the MTTR chart.
The details list includes the following:
-
Vulnerability ID
-
First discovered date and time
-
Average resolution time
-
Severity
-
Resolved areas
Perform the following in the details list:
-
Select FILTER to filter by severity.
-
Search by entering all or part of any column item (except for Resolved areas) into Search.
-
Select the icon next to a vulnerability ID to display the following for that vulnerability:
-
Last discovered date and time
-
Component name: select to display runs from that component in a new browser tab.
-
Branch name
-
Scanner name
-
Resolution time
-
SLA status
Examine CWE Top 25 vulnerabilities
The Common Weakness Enumeration (CWE™) Top 25 is a community-developed list of common software weaknesses. Get an understanding of components impacted by any of the CWE Top 25 vulnerabilities for the filtered component data in a specified time frame.
The CWE Top 25 chart displays the following:
-
CWE ID
-
Vulnerability name
-
Number of impacted components
To examine CWE Top 25 vulnerabilities:
-
Select a component number to display CWE Top 25 occurrences details.
View CWE Top 25 occurrences details
To view detailed information about CWE Top 25 vulnerability occurrences:
-
Select component numbers in the CWE Top 25 chart.
The CWE Top 25 details display:
-
Vulnerability ID
-
First discovered date and time
-
Vulnerability name
-
Severity
-
Number of impacted components
Perform the following:
-
Select FILTER to filter by vulnerability ID.
-
Search by entering all or part of any column item (except for Number of impacted components) into Search.
-
Select the icon next to a vulnerability ID to display:
-
Last discovered date and time
-
Component name
-
Branch name
-
Scanner name
-
Number of occurrences
-
SLA status
-
Select a component name to display runs from that component in a new browser tab.
-
Select an occurrence number to display the following:
-
Repository URL: select to go to the URL.
-
Locations (file name and line numbers)
-
Message
Compare metrics
Use this feature to compare metrics among all organizations in the tenant. You can compare metrics within select charts in the analytics dashboards. In the generated list of all organizations, sort by the organization name or its status. Select an organization to drill down to the component level to display a more fine-grained status list. Hover over a status item to display more information.
| You can only compare metrics for charts with |
To compare metrics:
-
Select Analytics on the left pane, and then select a dashboard.
-
Select the icon on the upper right of a chart to display the list of organizations and their status. The number of items in the compare metrics list equals the total displayed in the chart.
-
(Optional) Hover over a status to display more information.
-
(Optional) Select the ascending or descending sort icon next to a column heading to sort on that heading.
-
(Optional) Select an organization to list more information about each child organization and/or component within that organization.
-
(Optional) Select a child organization to list more details about each child organization and/or component within that child organization.
The list of the status of all organizations and components for the specific metric is displayed.
Troubleshoot security insights issues
Address common issues when Security insights data is not appearing or appears incomplete in the dashboard.
Missing scanner results
Security insights require properly configured security scanners that publish results in supported formats.
Problem: Security insights show no scan results
Solution: Check that security scanners publish results in supported formats and that workflow runs complete successfully. Verify scanner configuration and output formatting.
To resolve missing scanner results:
-
Review workflows that should include security scanning.
-
Confirm security scanners publish results in supported formats (SARIF, JSON).
-
Check that workflow runs complete successfully with security scanning steps.
-
Verify scan results appear in workflow run details after execution.
Security insights populate automatically when workflows execute with proper security scanning configuration.
Invalid scanner result formats
Security scanners must produce results in formats that CloudBees Unify can process.
To check scanner result formatting:
-
Review scanner output in completed workflow runs.
-
Verify scan results follow SARIF or JSON format specifications.
-
Check scanner documentation for output format configuration options.
-
Ensure scanner results are properly uploaded to workflow artifacts.
Incompatible result formats prevent security insights from populating.
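A check for step 2 of the formatting procedure above, as an added example (not CloudBees Unify's own code): it verifies the minimal SARIF 2.1.0 structure that any consumer needs to attribute a result to a tool, a rule and a location, and counts results per level. Which additional fields CloudBees Unify requires is not stated on this page and is not assumed here; the sample reports are constructed, and the scanner and rule names in them are invented.

```python
import json
from collections import Counter
from typing import Dict, List

SARIF_VERSION = "2.1.0"
SARIF_LEVELS = {"none", "note", "warning", "error"}  # "warning" is the spec default


def validate_sarif(text: str) -> List[str]:
    """Return a list of problems; an empty list means the report is minimally well-formed."""
    problems: List[str] = []
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    if doc.get("version") != SARIF_VERSION:
        problems.append(f"version must be {SARIF_VERSION!r}, got {doc.get('version')!r}")
    runs = doc.get("runs")
    if not isinstance(runs, list) or not runs:
        problems.append("runs must be a non-empty array")
        return problems
    for i, run in enumerate(runs):
        if not isinstance(run, dict):
            problems.append(f"runs[{i}] must be an object")
            continue
        tool = run.get("tool")
        driver = tool.get("driver") if isinstance(tool, dict) else None
        if not isinstance(driver, dict) or not driver.get("name"):
            problems.append(f"runs[{i}].tool.driver.name is missing (needed for the Scanner name column)")
        results = run.get("results")
        if not isinstance(results, list):
            # A clean scan must still emit an empty array; null or a missing key is a common defect.
            problems.append(f"runs[{i}].results must be an array; emit [] for a clean scan")
            continue
        for j, res in enumerate(results):
            where = f"runs[{i}].results[{j}]"
            if not isinstance(res, dict):
                problems.append(f"{where} must be an object")
                continue
            if not res.get("ruleId"):
                problems.append(f"{where}.ruleId is missing")
            msg = res.get("message")
            if not isinstance(msg, dict) or not msg.get("text"):
                problems.append(f"{where}.message.text is missing")
            if res.get("level", "warning") not in SARIF_LEVELS:
                problems.append(f"{where}.level {res.get('level')!r} is not a SARIF level")
            locs = res.get("locations")
            if locs is not None and not isinstance(locs, list):
                problems.append(f"{where}.locations must be an array")
    return problems


def results_by_level(text: str) -> Dict[str, int]:
    """Count results per SARIF level across all runs of an already validated report."""
    counts: Counter = Counter()
    for run in json.loads(text).get("runs", []):
        for res in run.get("results", []):
            counts[res.get("level", "warning")] += 1
    return dict(counts)


# Constructed sample reports (scanner and rule names are invented).
GOOD_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast", "version": "1.0"}},
        "results": [
            {"ruleId": "py/sql-injection", "level": "error",
             "message": {"text": "Query built from untrusted input"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "py/hardcoded-secret",
             "message": {"text": "API key in source"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/cfg.py"},
                                                 "region": {"startLine": 3}}}]},
        ],
    }],
})
# A scanner's native JSON: valid JSON, but not SARIF, so insights stay empty.
NATIVE_JSON = json.dumps({"tool": "example-sast",
                          "findings": [{"id": "py/sql-injection", "file": "app/db.py"}]})
# Clean scan written with "results": null instead of [].
CLEAN_BUT_NULL = json.dumps({"version": "2.1.0",
                             "runs": [{"tool": {"driver": {"name": "example-sast"}}, "results": None}]})

if __name__ == "__main__":
    for name, report in [("good", GOOD_SARIF), ("native", NATIVE_JSON), ("null", CLEAN_BUT_NULL)]:
        print(name, validate_sarif(report) or "OK")
    print(results_by_level(GOOD_SARIF))
```

Run this against the artifact a workflow actually uploads rather than the file the scanner writes locally; a post-processing step that rewrites or truncates the report is a common reason the two differ.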