Dashboard
Last updated
The Dashboard is the first page you see when you log in to https://in.xygeni.io/auth/login.
The dashboard enables users to:
View the security posture of the organization, globally and at the project / project group level. Based on the Risk Level, you can identify the current state, and the recent changes, of the organization's strength against software supply-chain attacks.
View the security issues of each kind (suspect dependencies, hardcoded secrets, misconfigurations, behavior anomalies, IaC flaws), and manage each issue with actionable operations for fixing it or mitigating its impact.
View the compliance of the software with the standards and guidelines set up by the organization, and explore trends in the Risk Level and the factors that influence it.
What you see depends on the project or group of projects selected in the Project Selector: either the Dashboard for a group of projects or the Dashboard for a single project.
The Dashboard for a group of projects is shown in the image below.
The Risk Score (or Risk Level, RL for short) is a quantitative measure of the current risk of software supply-chain attacks. It models the security posture of the DevOps system according to the scans performed by the Xygeni platform.
The Xygeni Dashboard shows the Risk Level along with its variation with respect to the projects' current baseline.
RL is a function of the issues found for the project, takes values in the interval [0, 100], and is computed at the project level. When a project has no (detected) issues, its RL is zero. Higher values of RL are worse.
The RL is qualified into three categories that make the risk for the organization easier to read at a glance. Each category is encoded with a color following a traffic-light ("semaphore") scheme:
Low: RL from 0 to 33, green.
Moderate: RL from 33 to 66, yellow.
High: RL from 66 to 100, red.
See Risk Level for further information and details.
In addition to the Risk Level, the Dashboard also shows figures and trends for:
Security issues: misconfigurations, flaws or anomalies that increase the risk of a software supply-chain attack against the software platform.
Anomalous activity: events representing user actions in the tools, or on critical files, that fall outside the typical pattern of actions learned for the project.
Compliance Assessment checks: compliance with software supply-chain security standards and guidelines.
Clicking the "View Details" link takes you to the details of each subject.
You can also see a Ranking of Projects ordered by Risk Level.
Each row shows:
Risk Level
Variation from the last baseline
Issues by severity
Total # of issues
Issues by type (secrets, CI/CD misconfigurations, malware, etc.)
Instead of ranking individual projects, you can also view rankings per Group of Projects.
The grouping factors are the Custom Properties that you define for your projects. See Custom Properties for further detail.
For example, by grouping by CI/CD Architecture, you will see data aggregated for the projects using Jenkins, Bitbucket, GitHub, etc.
If you have selected a single project in the Project Selector, the Dashboard differs in some respects from the Dashboard for a group of projects:
Risk Level, Issues, Anomalous Activities and Compliance have the same meaning as for a group of projects, but apply only to the selected project.
Additional sections show an overview panel (or the full graph) of the Inventory for the selected project.
You can download the SBOM for the selected project.
The bottom panel shows aggregated information about the assets of the project. See Inventory (panel and slides) for further details.