OX Security Documentation
Book a Demo
Search
⌃K
Links

Dashboard

See how OX security scans the systems, displays the output and delivers security-led insights
After logging in successfully, you will land on the dashboard page. The dashboard can also be accessed by clicking the dashboard menu item from the side menu. The dashboard gives you a complete overview of the scan performed on the system. The scan discovers the repositories/apps from your system and identifies threats in them.
The data in the dashboard is displayed based on the filters from the top menu bar.

Dashboard

The dashboard is divided into 4 different sections. Each section gives information regarding the different aspects of security-
  • What I am protecting
  • Security status
  • Infrastructure and security systems
  • Top issues

What I am protecting

This section gives you an overview of what you need to protect. It shows how many applications you have, and some useful statistics on them. You can use the statistics buttons to scope your view to a specific subset.
What I am protecting
  • Apps/repositories filter shows the count of apps discovered and scanned
  • To help you focus on the security findings that can have the biggest impact, we automatically identify which applications are irrelevant, and exclude them from the scan.
    • The irrelevant apps count indicates the apps that were found as not relevant for scan. We are not including any results for those applications.
    • The apps are marked as irrelevant based on the following:
      • Whether the repos are archived
      • Whether the apps don't have access for cloning
      • Whether no relevant files are identified in the repo
      • Whether there were no code changes in the past 6 months
      • Whether the user manually marked the repo as irrelevant
  • New - This filter shows all newly created apps, created in the scope of the view (by default 1 week).
  • In development - This filter shows all apps that had code changes in the scope of the view (by default 1 week).
  • Deployed on production - This filter shows all the apps we identified as deployed to your cloud.
  • Public code - This filter shows all the public repositories.

Infrastructure and security systems

Under the infrastructure and security section, we show the systems discovered on the customer environment and the effective coverage of the security tools.

Coverage

In this widget you can view your coverage status. OX presents the security coverage of security tools you already deployed, and the coverage of additional security tools activated by OX.
OX present the security coverage for: Secret search, Static Application Security Testing (SAST), Software composition analysis (SCA), Infrastructure as Code (IaC) and Cloud security posture management (CSPM).
In the following example, the coverage for secret search by OX is 57%.
Coverage

Systems identified

Here we list the customer systems identified by OX during scan.
Identified systems
After scanning, , OX discovers your source control: GitLab, CI/CD tools, and different security tools.
The yellow icon at the top right of the connectors, like you see on GitLab source control, indicates that those systems were discovered but not yet connected to OX. A red icon indicates that the system was connected but there is an issue with the connection.
The blue icon at the top left of different tools like GitLeaks or Checkov indicates that these security tools are deployed and connected to OX. For example, on SAST (Static Application Security Testing), OX deployed Bandit, DevSkim, and Semgrep. Snyk was discovered but it's not connected.

Security Status

Summary and trend

Scan summary
The scan summary presented in the security status is displayed along with the assessed risk score. It provides information about the total scanned repos, the systems that were discovered and added by OX along with the total policies added by OX. This summary is displayed only at the end of the first scan, however it is always available on the top bar.
After you run multiple scans, you can see the trend of your organization's risk.
Risk score trend

Top apps

The top apps section displays the most risky apps by different categories: by risk, by priority, by improvement, and by deterioration.
Top apps
In the image above , the 5 most risky applications are displayed.
When you have scan results from multiple days, you will also see the risk trend for each application.
Risk trend

Violations by category

After scanning, you can see the issues split into different issue categories.
Violations by category
This image shows the percentage of applications that has issues in each of the categories. You can see that on the supply chain category, 29% of the applications has critical issues and on the security tools category, 14% of the applications has critical issues.
If you hover over any category, you can see the number of issues and applications with issues of each severity.
Issues in a category

Top 5 Items

Top 5 issues

This section displays the top 5 issues from the total issues identified as a result of the scan.
The issues are displayed along with the repo in which the issue was found, the score, category, issue description, issue owner information, date of issue and issue count.
Top 5 Issues
If you click on any issue, you will be navigated to the full details of this issue on the Issues page.

Top 5 issues per category

If you move to the next slider, you will see top 5 supply chain issues identified during the scan.
The issues are displayed along with the repo in which the issue was found, the score, category, issue description, Issue owner information, date of issue and issue count.
Top 5 supply chain issues
If you click on any issue, you will be navigated to the full details of this issue on the Issues page.
Similarly, if you move to the next slider, you will see the list of top 5 issues for each issue category.
Deep dive - Previous
Application top menu
Next - Deep dive
Applications Page
Last modified 8mo ago