Project Dashboard

From this panel, users can view the project-specific dashboard.

In the upper left corner, you can view the software development platform, issue manager, and the notification tool used in the project. If no tools are associated with the project, users can add tools by clicking on the corresponding icons. There is also a comparison of the project risk score vs. the organization risk score.

The project risk score is calculated from the total of new and recurrent vulnerabilities, which you can see in the Consolidated tab of the Vulnerability Summary table below. The organization risk score is the average risk score of all projects, as shown in the main dashboard.

Issues: Indicates the total number of new and recurrent vulnerabilities that have been assigned an issue on the issue manager and remain open, broken down by severity category.

Overdue: Displays the number of vulnerabilities that exceed their SLA.

WOE (Window of Exposure): Indicates the average time elapsed since the discovery of new and recurrent vulnerabilities, broken down by severity category.

MTF (Mean Time to Fix): Shows the average time it took to close the closed vulnerabilities, broken down by severity category.

Users can display the following tables and charts:

Vulnerability Summary Table

The table in this section shows the overall situation of all vulnerabilities. It is updated as new scans are completed, files are imported, or vulnerabilities are marked as false positives or won't fix.

Users can filter vulnerabilities by scanner type from the dropdown menu in the upper right corner. Users can also click on the numbers in each row to see the details of the vulnerabilities falling under that category.

The time filter on the table works as follows:

For new, recurrent, false-positive, and won't fix vulnerabilities, the filter checks the number of vulnerabilities with a first seen date between now and the date selected.

For closed vulnerabilities, the filter checks the number of vulnerabilities with a last seen date between now and the date selected.

The explanations of the fields in the table are as follows:

New: Vulnerabilities that have been discovered for the first time in a scan. Vulnerabilities that have been closed and rediscovered are not classified as new but recurrent.

Recurrent: Vulnerabilities discovered in two or more consecutive scans. Vulnerabilities that have been closed and then rediscovered are also classified as recurrent.

Closed: Vulnerabilities that were discovered in a scan and then disappeared in subsequent scans. If an issue tracker is used, Kondukto treats a vulnerability as existing until it disappears in a subsequent scan, even if it has been marked as closed on the issue tracker.

Won't Fix: Vulnerabilities that are not false positives but are still not worth the effort to fix. They are immediately excluded from all charts and metrics, just like false positive vulnerabilities.

False Positive: The vulnerabilities which have been discovered in a scan but have been marked as "false positive" by the user on Kondukto or on the scanner.
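The status rules above (new on first discovery, recurrent on a second consecutive sighting or rediscovery after closure, closed when a finding disappears from the next scan, user marks excluded from everything) and the two time-filter anchors (first seen for open and marked findings, last seen for closed ones) can be expressed as a small state machine. The following is an added Python example written for this page; it is not Kondukto's code. The SLA thresholds, the finding keys A–F and the scan dates are constructed sample values, and the Overdue/WOE/MTF arithmetic is one plausible reading of the definitions given above, not the product's exact formula.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Optional

# Hypothetical SLA thresholds in days per severity (constructed for this example).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass
class Vuln:
    key: str                      # stable identity of the finding, e.g. CWE + file + line
    severity: str
    first_seen: datetime
    last_seen: datetime
    times_seen: int = 1
    status: str = "new"           # new | recurrent | closed | false_positive | wont_fix
    closed_at: Optional[datetime] = None
    marked: Optional[str] = None  # user label; takes precedence over scan-derived status


Inventory = Dict[str, Vuln]


def apply_scan(inventory: Inventory, scan_time: datetime, findings: Dict[str, str]) -> Inventory:
    """Fold one completed scan (finding key -> severity) into the inventory."""
    for key, severity in findings.items():
        v = inventory.get(key)
        if v is None:
            inventory[key] = Vuln(key, severity, scan_time, scan_time)  # first discovery: new
            continue
        v.last_seen, v.times_seen, v.closed_at = scan_time, v.times_seen + 1, None
        if v.marked is None:
            v.status = "recurrent"  # seen in 2+ scans, or closed and rediscovered
    for key, v in inventory.items():
        if key not in findings and v.status in ("new", "recurrent"):
            v.status, v.closed_at = "closed", scan_time  # disappeared in this scan
    return inventory


def mark(inventory: Inventory, key: str, label: str) -> None:
    """A user marks a finding as false_positive or wont_fix; it leaves all charts and metrics."""
    assert label in ("false_positive", "wont_fix")
    inventory[key].marked = inventory[key].status = label


def vulnerability_summary(inventory: Inventory, now: datetime, since: Optional[datetime] = None):
    """Counts per status; the time filter anchors on last_seen for closed findings, first_seen otherwise."""
    counts = dict.fromkeys(("new", "recurrent", "closed", "wont_fix", "false_positive"), 0)
    for v in inventory.values():
        anchor = v.last_seen if v.status == "closed" else v.first_seen
        if since is not None and not (since <= anchor <= now):
            continue
        counts[v.status] += 1
    return counts


def dashboard_metrics(inventory: Inventory, now: datetime):
    """WOE and MTF per severity (in days) plus the Overdue count; marked findings are excluded."""
    open_ = [v for v in inventory.values() if v.status in ("new", "recurrent")]
    closed = [v for v in inventory.values() if v.status == "closed"]
    woe, mtf = {}, {}
    for sev in SLA_DAYS:
        o = [(now - v.first_seen).days for v in open_ if v.severity == sev]
        c = [(v.closed_at - v.first_seen).days for v in closed if v.severity == sev]
        woe[sev] = round(sum(o) / len(o), 1) if o else None
        mtf[sev] = round(sum(c) / len(c), 1) if c else None
    overdue = sum(1 for v in open_ if (now - v.first_seen).days > SLA_DAYS[v.severity])
    return {"woe": woe, "mtf": mtf, "overdue": overdue}


NOW = datetime(2024, 2, 10)     # constructed "now" for the dashboard
SINCE = datetime(2024, 1, 10)   # constructed time-filter start


def build_sample() -> Inventory:
    """Three constructed scans: B is closed then rediscovered, C is closed, E is marked, F is new."""
    inv: Inventory = {}
    apply_scan(inv, datetime(2024, 1, 1), {"A": "high", "B": "medium", "C": "low", "E": "low"})
    apply_scan(inv, datetime(2024, 1, 15), {"A": "high", "C": "low", "D": "critical", "E": "low"})
    mark(inv, "E", "false_positive")
    apply_scan(inv, datetime(2024, 2, 1),
               {"A": "high", "B": "medium", "D": "critical", "E": "low", "F": "medium"})
    return inv


if __name__ == "__main__":
    inv = build_sample()
    print(vulnerability_summary(inv, NOW))
    print(vulnerability_summary(inv, NOW, since=SINCE))
    print(dashboard_metrics(inv, NOW))
```

With these sample scans, B shows up as recurrent rather than new after being rediscovered, C counts as closed under the time filter because its last seen date (15 January) falls inside the window even though it was first seen before it, and E contributes to neither WOE nor Overdue once marked.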

WOE By Severity

This graph displays the distribution of new and recurrent vulnerabilities by their age and severity category.
Using the tab in the top right corner, you can switch to the WOE Top Ten tab to see the 10 vulnerabilities with the highest window of exposure. Vulnerabilities can be filtered by scanner type from the dropdown menu in the upper right corner.

Vulnerability Density

This graph shows all discovered vulnerabilities, regardless of their status, grouped by CWE ID, endpoint, or file path depending on the selection made in the dropdown menu in the top right corner.

The bigger the circle of a vulnerability is, the more times it has been discovered. The numbers on the circles indicate the number of times the vulnerability has been found. Hovering over a circle shows the details of the vulnerability.

Vulnerabilities can be filtered based on different combinations of scanner types from the dropdown menu in the upper right corner. Clicking on a circle redirects the user to the details of vulnerabilities associated with that specific circle.

Vulnerabilities can be filtered by severity by clicking on the severity categories on the left.

Vulnerabilities can also be filtered by their first seen dates for new and recurrent vulnerabilities and by their last seen dates for closed vulnerabilities using the time selector at the top.

Industry Standards Graph

This graph displays the distribution of all vulnerabilities across the OWASP Top 10 and PCI DSS requirement categories.

When you select Consolidated from the scanner type dropdown menu, the results add up all vulnerabilities discovered by all scanners regardless of scanner type. In the other tabs, the results add up only the vulnerabilities discovered by scanners of the selected scanner type.

Vulnerabilities can also be filtered by their first seen dates for new and recurrent vulnerabilities and by their last seen dates for closed vulnerabilities using the time selector in the upper right corner.

Branch Comparison Graph

This graph compares scanner findings across branches by placing the branches scanned in the project on the X-axis and the severities of open (new and recurrent) vulnerabilities on the Y-axis. You can filter vulnerabilities by scanner type from the dropdown menu in the upper right corner.

Scanner Comparison Graph

This graph compares the findings of scanners by placing the scanners on the X-axis and the severities of open (new and recurrent) vulnerabilities on the Y-axis. Users can filter vulnerabilities by scanner type from the dropdown menu in the upper right corner.

Severity Trend Graph

This chart shows the evolution of the total number of new and recurrent vulnerabilities over a selected period. When a specific scanner type is selected from the dropdown menu in the upper right corner, the chart reflects only the vulnerabilities discovered by scanners of that scanner type.

Risk Score Trend Graph

This chart shows the evolution of the project's risk score over a selected period. When a specific scanner type is selected from the dropdown menu in the upper right corner, the chart reflects only the vulnerabilities discovered by scanners of that scanner type.