Secure alerts show GitHub-generated alerts when the codebase has dependencies with known vulnerabilities. This graph consists of an information box containing the following elements:
The name of the technical service that triggered the alert.
The number of days since the alert was last opened.
The name of the application where the technical service alert was triggered.
The number of triggered alerts is based on your timeframe selection.
The severity of the alert by category:
Critical:
Dark red warning circle.
High:
Red warning triangle.
Medium:
Orange condition wait point.
Low:
Sky blue inverted warning triangle.
The Secure alerts widget has a clickable arrow in the top right corner to view the Secure alerts dashboard.
Application summary
The Application Summary widget allows you to view vulnerabilities based on the following criteria:
The displayed data is governed by the date range selected from the timeframe in the header.
Applications.
A timeframe for which to show data.
The Application Summary widget displays a graph representing the total number of vulnerabilities for Security categories: Static scan, Open-source license compliance, Dependency Check, and Container vulnerability scan added according to applications. The Application Summary widget presents two axis that indicates the
No. of Vulnerabilities
detected within a specified period:
X-Axis (
No. of Vulnerabilities
): The X-axis corresponds to the number of vulnerabilities detected in the selected period. Depending on the time you select, the bar graph changes in color based on the severity of the vulnerabilities detected. By hovering over the graph, the following data is presented for each vulnerability category:
Y-value:
Corresponds to a specific Application (i.e.SecureDash).
No. Of Vulnerabilities:
The total number of vulnerabilities detected.
Group:
One of the five severities categories is represented by the color pointed to.
Y-Axis: The Y-axis corresponds to the total number of applications. The bars in the graph are colored based on the severity category:
Critical: Dark red square.
High: Red square.
Medium: Orange square.
Low: Sky blue square.
oInfo: Green square.
License by severity
The License by Severity widget graph represents the total aggregated licenses detected according to day-month timeline selection. Severities are classified into two categories:
Critical
and
Info
. Graph data supports the selection of predetermined Drop-down menu Applications and Dashboards. By default, it is for all technical services and applications. By default, it represents the data for the last 7 days. The License by severity widget presents two axis that indicates the **Total License Detected** within a specified period:
X-Axis (
Months/Dates
): The X-axis corresponds to the month for which data in the bar graph is shown. Depending on the time you select, the bar graph changes in color based on the severity of the licenses detected. By hovering over the graph, the following data is presented for each license severity:
Group
: The severity that the licenses in a given group have.
Months/Range
: The cut-out date for detected licenses.
Total/Value
: Total number of licenses in a particular group.
Y-Axis (
Total License Detected
): The Y axis corresponds to the total number of licenses found for each severity within a given period. By placing the cursor right above a bar, in alignment with the center of it, the following information is displayed:
Dates
: The cut-out date for detected licenses.
Critical
: Total number of licenses detected and classified as Critical severity.
Info
: Total number of licenses detected and classified as Info severity.
Total
: The total number of licenses from all severities.
The License by severity widget has a clickable arrow in the top right corner to view the Open-source license compliance dashboard.
Static scan
The Static scan widget represents the total number of vulnerabilities aggregated according to day-month timeline selection
for Static scan
only. Graph data supports selecting predetermined Applications and Dashboards from the Drop-down menu. By default, it is set to all Applications and technical services. This graph also supports a predetermined day-month timeline selection, which represents the data for the last 7 days by default.
The Static scan widget presents two axis that indicates the
No. of Vulnerabilities
detected within a specified period:
X-Axis (
Duration
): The X-axis corresponds to the months and dates from the period selected to show data. The bars in the graph are colored based on the severity category:
Critical: Dark red square.
High: Red square.
Medium: Orange square.
Low: Sky blue square.
Info: Green square.
Y-Axis (
Total Vulnerabilities
): The Y-axis corresponds to the number of vulnerabilities detected in the selected period. By hovering over the bars in the graph, you can view data about the total number of vulnerabilities detected and the severity they belong to, as follows:
Group
: The severity of the vulnerabilities.
Date/Range
: The cut-out date the vulnerability was detected.
Value
: The total number of vulnerabilities detected.
Static scan analyzes your source code to identify any security vulnerabilities susceptible to attack. The Static scan feature supports the use of tools such as SonarQube. The Static scan widget has a clickable arrow in the top right corner to view the Static scan dashboard.
Dependency check
The Dependency Check widget displays the total number of vulnerabilities detected within a project dependency. This graph also supports a predetermined day-month timeline selection, which represents the data for the last 7 days by default.
The Dependency Check widget presents two axis that indicates the total number of dependency vulnerabilities detected:
X-Axis (
Duration
): The X-axis corresponds to the months and dates from the period selected to show data.
Y-Axis (
Total Vulnerabilities
): The Y-axis corresponds to the number of vulnerabilities detected within a project dependency.By hovering over the bars in the graph, you can view data about the total number of vulnerabilities detected, as follows:
Group
: The severity of the vulnerabilities.
Date/Range
: The cut-out date the vulnerability was detected.
Value
: The total number of vulnerabilities detected.
Dependency Check widget elicits project dependencies and scans for any known vulnerabilities. The Dependency Check feature supports the use of tools such as Dependency-Track. The Dependency Check widget has a clickable arrow in the top right corner to view the
Dependency Check
dashboard.
Container vulnerability scan
The Container vulnerability scan widget displays the total number of vulnerabilities detected within a container image. This graph also supports a predetermined day-month timeline selection, which by default represents the data for the last 7 days.
The Container vulnerability scan widget presents two axis that indicates the total number of container vulnerabilities detected:
X-Axis (
Duration
): The X-axis corresponds to the months and dates from the period selected to show data.
Y-Axis (
Total Vulnerabilities
): The Y-axis corresponds to the number of vulnerabilities detected within a container image.The vulnerabilities and security issues discovered from various Security tools would be mapped into the following five severities: Critical is the highest and Info is the lowest from an overall risk scoring perspective. If the security uses different severities/names other than the following, the mapping will be done based on the order of the severity:
Critical: Dark red square.
High: Red color.
Medium: Orange square.
Low: Sky blue square.
Info: Green square.
By hovering over the bars in the graph, you can view data about the total number of vulnerabilities detected, as follows:
Group
: The severity of the vulnerabilities.
Date/Range
: The cut-out date the vulnerability was detected.
Value
: The total number of vulnerabilities detected.
The Container vulnerability scan feature supports using tools such as IBM Vulnerability Advisor. The widget has a clickable arrow in the top right corner to view the Container vulnerability scan dashboard.