Secure SDLC Governance Dashboard
view a tabular presentation of secure tool details devops security concerns are addressed in large part by supplemental tools used by your team to expose potential vulnerabilities and to understand the range and nature of remedial actions to prevent security breaches the secure dashboard provides reports and scoring to assist security assessments using data accumulated from these tools the secure sdlc governance dashboard presents a table with six columns applications name the name given to the application associated with a set of security tools at the time the application was created security champion the e mail address of the designated security champion for the application maturity assessment report a link to a sharepoint site containing a report with data regarding the application, aggregated from the security tools composing the application last maturity assessment the last date an assessment was made using the tools associated with the application maturity assessment score a relative security health score assigned by the application based on data collected by the tools associated with the application; lower scores are associated with greater security vulnerability a minimum score of 8 is deemed acceptable scores lower than 8 appear in red, and scores of 8 or higher appear in black security tools a list of security tools associated with the application secure sdlc governance dashboard setup the secure sdlc governance dashboard presents data acquired by security tools associated with a defined application the application is defined using the application configuration feature the feature prompts you for specific information such the application name, the tools you are using for each phase in the sdlc (in this case security) and the security champion use the following procedure list all your security applications classify them by logical use for example, if you have some security tools that you use for user management and other tools for resource management, classify them accordingly these classifications form the applications you will create in the application configuration feature refer to application configuration docid\ oabxjrtppysz1mjo1r2iv create an insights controller token navigate to settings and utilities → tools configuration click the bring your own tools tab the service defaults to the create new token tab enter a name for your token in the name field select insights controller for token type click create call the insight controller api to enable your maturity reports by default, the dashboard shows only services that contain vulnerabilities, which means not all services are displayed click the show all toggle to display all services for selected applications, regardless of vulnerability