Code Security Dashboard


By Gilad Mark, Senior Product Manager

 
We understand the importance of providing users with a global view and actionable workflow for reducing security issues in their code. This can be achieved by giving users summary insights and a way to prioritize security concerns effectively. Introducing the Code Security Dashboard! The new Dashboard comes with brand-new graphs that cater to these needs:
 
  • Summary insights - (“What is the current status of my Code Security posture?”)
    1. Errors by Severity - The error count overall and by severity.
    2. Top Repositories by High-Risk Code Error Count - The top 7 repositories by High and Critical error count.
    3. IaC Errors by Category - The portion and count of errors by IaC category.

 

  • CCS impact over time (30 days) - (“How are my development teams interacting with CCS guardrails I set for detection and enforcement?”)
    1. Code issues over time - Track how your development teams are improving as they interact with CCS guardrails for detection and enforcement. (Currently for repository default branch periodic scans only; vulnerabilities are excluded.)
    2. Pull Requests over time - Analyze the impact of Enforcement rules on new code deliveries. Observe the adoption of secure coding practices over time, including the reduction of failed PRs.

 

 

  • Use-case driven - (“What are the urgent and common issues my organization is facing at the moment?”)
    1. Common Errors By Policy - View the most common errors related to IaC misconfigurations, secrets, and license policies.
    2. Top Non-compliant Package Licenses - Identify the most frequently occurring non-compliant package licenses.
    3. Top CVSS Score Code Vulnerabilities - Discover and prioritize the highest-scoring code vulnerabilities based on the CVSS score.
Navigation:
 
  1. Dashboard -> Code Security

 

In addition to these graphs, the Code Security Dashboard includes advanced features:
 
  1. Links to the Projects and Policies screens for further investigation
  2. Last scan time information
  3. Interest points (“events”) for over-time trends that can explain trend changes
    1. The number of repositories added
    2. The number of repositories with Enforcement added/removed
  4. Filters (Repository, Code Category, Severity)
 
Note that access to the Code Security dashboard is also supported in Custom Permission Groups (GRBAC).
 

 

 

Figure 1:  Code Security Dashboard Demo_Palo-Alto-Networks

 


Figure 2:  Code Security Dashboard_Palo-Alto-Networks

 


Figure 3:  Last Scan Information_Palo-Alto-Networks

 


Figure 4:  Edit Chart Settings_Palo-Alto-Networks

 
