Dashboard
Copyright ©2024 OX Security. All rights reserved.
At a glance: Review the Dashboard for a top-level view of your entire software development supply chain and the most recent scan results.
The Dashboard is the first page you see after logging in. You can also access it anytime from the OX side navigation menu.
The Dashboard includes several components, each described in more detail below.
The What I am protecting component provides a summary of the applications detected by OX.
The Software supply chain PBOM (Pipeline Bill of Materials) component provides a graphical view of your entire software development pipeline, from beginning to end.
OSC&R (Open Software Supply Chain Attack Reference) is a structured view of adversaries' tactics, techniques, and procedures. While similar in structure to the MITRE ATT&CK matrix, it is the only framework focusing specifically on software supply chain attacks.
The horizontal axis of the grid details attacker behaviors, and the vertical axis details attacker techniques.
Each block displays the number of your organization's issues associated with that block's intersection of behaviors/techniques, broken down by severity.
Click on a block to view the Issues page pre-filtered by the issues relevant to that block.
Apps: Total number of apps discovered and scanned, not including irrelevant apps (see below).
Click this button to go to the Active applications page.
Irrelevant: The number of apps determined to be irrelevant. These apps are not scanned, and no results are reported for them.
Click the icon to go to the Irrelevant applications page.
What makes an app irrelevant?
The app's repo has been archived
The app is inaccessible for cloning
No relevant files are identified in the repo
There have been no code changes during the past 6 months
You have manually marked the app as irrelevant (from the Active applications page)
Category filters:
New = the number of apps first discovered during the timeframe selected in the date selector (1 week by default).
In development = the number of apps that had code changes during the timeframe selected in the date selector (1 week by default).
Deployed in production = the number of apps deployed to the cloud (both production and non-production environments).
Public code = the number of apps publicly visible from your repos.
Hover over any of these categories to see the top 5 apps in the category by business priority. Click any of these categories to filter the Dashboard display by that category.
Scanning stages:
Git posture
Code security
Secret/PII scan
Open source security
SBOM
Infrastructure as code scan
CI/CD posture
Container security
Artifact integrity
Cloud security
Security tools: A summary of the security tools discovered by OX for each scanning stage. These include both the tools your organization has deployed and the OX platform's own security tools.
Coverage: Percentage of your applications covered by security tools at each scanning stage.
The coverage percentage includes applications scanned by tools connected to OX and OX platform tools.
Development & production infrastructure: A summary of the infrastructure systems discovered by OX.
= discovered systems that your organization hasn't connected to OX
= discovered tools that your organization hasn't connected to OX