Overview
The Project Detail Page offers a comprehensive overview of the security scanning results associated with a specific project. Here, users can delve into detailed data points, such as the risk score, the number of open and closed issues, and the total lines of code. Moreover, the page outlines specific vulnerabilities based on recognized standards and frameworks like CWE, HIPAA, NIST800-53R4, PCI DSS 3.2.1, ISO27001, and OWASP Top 10.
On the right sidebar, users can find essential project metadata, including the project's name, the ID of the last scan, the most recent scan date, the project's creation date, and the status of the last scan. The 'Issue Trend' graph, situated at the bottom, depicts the evolution of vulnerabilities in the project over time, providing users with a visual representation of the project's security trajectory.
Branch: Users can switch between different branches of the project using the dropdown menu. The current branch displayed is develop.
Risk Score: Provides a letter grade (from A to F) indicating the overall security risk score of the project.
Open Issues: Displays the number of unresolved security vulnerabilities.
Closed Issues: Indicates the number of vulnerabilities that have been resolved.
Total Lines of Code: Shows the amount of code present in the project, measured in lines.
Project Details Section:
Project Name: Displays the title of the project.
Last Scan ID: Provides a unique identifier for the most recent scan.
Last Scan: Indicates the date and time when the project was last scanned.
Project Create Date: Shows when the project was first added to the system.
Project Type: Specifies the source control platform for the project.
Last Scan Status: Shows the status of the last scan. A green checkmark signifies a successful scan, while a red cross indicates a failed scan.
This section provides a breakdown of vulnerabilities based on various recognized standards:
CWE (Common Weakness Enumeration): A community-developed list of common software security weaknesses. It serves as a baseline for identification, mitigation, and prevention of software vulnerabilities.
HIPAA (Health Insurance Portability and Accountability Act): U.S. legislation that sets privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals, and other health care providers.
ISO27001: An international standard on how to manage information security. It details requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
NIST800-53R4 (National Institute of Standards and Technology Special Publication 800-53 Revision 4): A publication that provides guidelines for selecting security controls for federal information systems and organizations.
PCI DSS 3.2.1 (Payment Card Industry Data Security Standard version 3.2.1): A set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
OWASP Top 10 2017: A standard awareness document for developers and web application security. It represents a broad consensus about the most critical web application security risks, as identified by the Open Web Application Security Project (OWASP).