Dashboard

At a glance: Review the Dashboard for a top-level view of your entire software development supply chain and the most recent scan results.

Overview

The Dashboard is the first page you see after logging in. You can also access it anytime from the side navigation menu.

Dashboard components

The dashboard includes several components, each described in further detail below.

What I am protecting

The What I am protecting component provides a summary of the applications detected by OX.

Apps: Total number of apps discovered and scanned, not including irrelevant apps (see below).

Irrelevant: The number of apps determined to be irrelevant. These apps are not scanned, and no results are reported for them.

  • Click the icon to go to the Irrelevant applications page.

  • What makes an app irrelevant?

    • The app's repo has been archived

    • The app is inaccessible for cloning

    • No relevant files are identified in the repo

    • There have been no code changes during the past 6 months

    • You have manually marked the app as irrelevant (from the Active applications page)

Category filters:

  • New = the number of apps first discovered during the timeframe selected in the date selector (1 week by default).

  • In development = the number of apps that had code changes during the timeframe selected in the date selector (1 week by default).

  • Deployed in production = the number of apps deployed to the cloud (both production and non-production environments).

  • Public code = the number of apps publicly visible from your repos.

Hover your mouse over any of these categories to see the top 5 apps in that category, ranked by business priority. Click on any of these categories to filter the Dashboard display by that category.
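The irrelevance criteria and the category filters above can be reproduced locally to audit which repos drop out of scanning coverage. This is an added example, not OX code or its API; the Repo fields, the 182-day reading of "6 months" and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Constructed repo record; field names are assumptions, not OX's data model.
@dataclass
class Repo:
    name: str
    archived: bool = False
    cloneable: bool = True
    relevant_files: int = 0
    last_commit: Optional[date] = None
    first_seen: date = date(2024, 1, 1)
    manually_irrelevant: bool = False

INACTIVITY = timedelta(days=182)  # "no code changes during the past 6 months" (assumed length)

def irrelevance_reasons(repo: Repo, today: date) -> List[str]:
    """Return which of the five irrelevance criteria apply; an empty list means the app is scanned."""
    reasons = []
    if repo.archived:
        reasons.append("archived")
    if not repo.cloneable:
        reasons.append("inaccessible for cloning")
    if repo.relevant_files == 0:
        reasons.append("no relevant files")
    if repo.last_commit is None or today - repo.last_commit > INACTIVITY:
        reasons.append("no code changes in 6 months")
    if repo.manually_irrelevant:
        reasons.append("manually marked irrelevant")
    return reasons

def summarize(repos: List[Repo], today: date, window: timedelta = timedelta(days=7)) -> dict:
    """Apps/Irrelevant totals plus the New and In development counts for the date-selector window."""
    counts = {"apps": 0, "irrelevant": 0, "new": 0, "in_development": 0}
    for r in repos:
        if irrelevance_reasons(r, today):      # irrelevant apps are excluded from every count
            counts["irrelevant"] += 1
            continue
        counts["apps"] += 1
        if today - r.first_seen <= window:     # first discovered within the window
            counts["new"] += 1
        if r.last_commit and today - r.last_commit <= window:   # code changed within the window
            counts["in_development"] += 1
    return counts

TODAY = date(2024, 6, 30)
SAMPLE = [  # constructed inventory: one new+active app, one stale, one archived, one empty, one quiet
    Repo("payments", relevant_files=42, last_commit=date(2024, 6, 28), first_seen=date(2024, 6, 26)),
    Repo("legacy-api", relevant_files=10, last_commit=date(2023, 11, 1)),
    Repo("old-tool", archived=True, relevant_files=5, last_commit=date(2024, 6, 1)),
    Repo("docs-site", relevant_files=0, last_commit=date(2024, 6, 20)),
    Repo("infra", relevant_files=7, last_commit=date(2024, 5, 15)),
]
```

Running `summarize(SAMPLE, TODAY)` on this inventory reports 2 apps and 3 irrelevant, with 1 new and 1 in development, and `irrelevance_reasons` explains each exclusion.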

Software supply chain PBOM

The Software supply chain PBOM (Pipeline Bill of Materials) component provides a graphical view of your entire software development pipeline, from beginning to end.

Scanning stages:

  • Git posture

  • Code security

  • Secret/PII scan

  • Open source security

  • SBOM

  • Infrastructure as code scan

  • CI/CD posture

  • Container security

  • Artifact integrity

  • Cloud security

Security tools: A summary of the security tools discovered by OX for each scanning stage. These include both the tools your organization has deployed and the OX platform's own security tools.

Coverage: Percentage of your applications covered by security tools at each scanning stage.

  • The coverage percentage counts applications scanned either by third-party tools connected to OX or by OX platform tools.

OSC&R coverage

OSC&R (Open Software Supply Chain Attack Reference) is a structured view of adversaries' tactics, techniques, and procedures. While similar in structure to the MITRE ATT&CK matrix, it is the only framework focusing specifically on software supply chain attacks.

  • The horizontal axis of the grid details attacker behaviors, and the vertical axis details attacker techniques.

  • Each block displays the number of your organization's issues associated with that block's intersection of behaviors/techniques, broken down by severity.

  • Click on a block to go to a filtered view of the Issues page showing the issues relevant to that block.

Copyright ©2024 OX Security. All rights reserved.