Secure module widgets
learn about the different widgets available within the secure dashboard the secure dashboard view contains five widgets that, combined, provide a deep understanding of the vulnerabilities in these key security components secure alerts application summary license by severity static scan dependency check container vulnerability scan secure alerts secure alerts show github generated alerts when the codebase has dependencies with known vulnerabilities this graph consists of an information box containing the following elements the name of the technical service that triggered the alert the number of days since the alert was last opened the name of the application where the technical service alert was triggered the number of triggered alerts is based on your timeframe selection the severity of the alert by category critical dark red warning circle high red warning triangle medium orange condition wait point low sky blue inverted warning triangle the secure alerts widget has a clickable arrow in the top right corner to view the secure alerts dashboard application summary the application summary widget allows you to view vulnerabilities based on the following criteria the displayed data is governed by the date range selected from the timeframe in the header applications a timeframe for which to show data the application summary widget displays a graph representing the total number of vulnerabilities for security categories static scan, open source license compliance, dependency check, and container vulnerability scan added according to applications the application summary widget presents two axis that indicates the no of vulnerabilities detected within a specified period x axis (no of vulnerabilities) the x axis corresponds to the number of vulnerabilities detected in the selected period depending on the time you select, the bar graph changes in color based on the severity of the vulnerabilities detected by hovering over the graph, the following data is presented for each vulnerability category y value corresponds to a specific application (i e securedash) no of vulnerabilities the total number of vulnerabilities detected group one of the five severities categories is represented by the color pointed to y axis the y axis corresponds to the total number of applications the bars in the graph are colored based on the severity category critical dark red square high red square medium orange square low sky blue square oinfo green square license by severity the license by severity widget graph represents the total aggregated licenses detected according to day month timeline selection severities are classified into two categories critical and info graph data supports the selection of predetermined drop down menu applications and dashboards by default, it is for all technical services and applications by default, it represents the data for the last 7 days the license by severity widget presents two axis that indicates the total license detected within a specified period x axis ( months/dates ) the x axis corresponds to the month for which data in the bar graph is shown depending on the time you select, the bar graph changes in color based on the severity of the licenses detected by hovering over the graph, the following data is presented for each license severity group the severity that the licenses in a given group have months/range the cut out date for detected licenses total/value total number of licenses in a particular group y axis ( total license detected ) the y axis corresponds to the total number of licenses found for each severity within a given period by placing the cursor right above a bar, in alignment with the center of it, the following information is displayed dates the cut out date for detected licenses critical total number of licenses detected and classified as critical severity info total number of licenses detected and classified as info severity total the total number of licenses from all severities the license by severity widget has a clickable arrow in the top right corner to view the open source license compliance dashboard static scan the static scan widget represents the total number of vulnerabilities aggregated according to day month timeline selection for static scan only graph data supports selecting predetermined applications and dashboards from the drop down menu by default, it is set to all applications and technical services this graph also supports a predetermined day month timeline selection, which represents the data for the last 7 days by default the static scan widget presents two axis that indicates the no of vulnerabilities detected within a specified period x axis ( duration ) the x axis corresponds to the months and dates from the period selected to show data the bars in the graph are colored based on the severity category critical dark red square high red square medium orange square low sky blue square info green square y axis ( total vulnerabilities ) the y axis corresponds to the number of vulnerabilities detected in the selected period by hovering over the bars in the graph, you can view data about the total number of vulnerabilities detected and the severity they belong to, as follows group the severity of the vulnerabilities date/range the cut out date the vulnerability was detected value the total number of vulnerabilities detected static scan analyzes your source code to identify any security vulnerabilities susceptible to attack the static scan feature supports the use of tools such as sonarqube the static scan widget has a clickable arrow in the top right corner to view the static scan dashboard dependency check the dependency check widget displays the total number of vulnerabilities detected within a project dependency this graph also supports a predetermined day month timeline selection, which represents the data for the last 7 days by default the dependency check widget presents two axis that indicates the total number of dependency vulnerabilities detected x axis ( duration ) the x axis corresponds to the months and dates from the period selected to show data y axis ( total vulnerabilities ) the y axis corresponds to the number of vulnerabilities detected within a project dependency by hovering over the bars in the graph, you can view data about the total number of vulnerabilities detected, as follows group the severity of the vulnerabilities date/range the cut out date the vulnerability was detected value the total number of vulnerabilities detected dependency check widget elicits project dependencies and scans for any known vulnerabilities the dependency check feature supports the use of tools such as dependency track the dependency check widget has a clickable arrow in the top right corner to view the dependency check dashboard container vulnerability scan the container vulnerability scan widget displays the total number of vulnerabilities detected within a container image this graph also supports a predetermined day month timeline selection, which by default represents the data for the last 7 days the container vulnerability scan widget presents two axis that indicates the total number of container vulnerabilities detected x axis ( duration ) the x axis corresponds to the months and dates from the period selected to show data y axis ( total vulnerabilities ) the y axis corresponds to the number of vulnerabilities detected within a container image the vulnerabilities and security issues discovered from various security tools would be mapped into the following five severities critical is the highest and info is the lowest from an overall risk scoring perspective if the security uses different severities/names other than the following, the mapping will be done based on the order of the severity critical dark red square high red color medium orange square low sky blue square info green square by hovering over the bars in the graph, you can view data about the total number of vulnerabilities detected, as follows group the severity of the vulnerabilities date/range the cut out date the vulnerability was detected value the total number of vulnerabilities detected the container vulnerability scan feature supports using tools such as ibm vulnerability advisor the widget has a clickable arrow in the top right corner to view the container vulnerability scan dashboard