Dashboards offer a concise and visual way to monitor the security posture of the projects in your organization. They are interactive and help you visualize how you use your projects, packages, and dependencies.
Dashboards provide the following capabilities to monitor potential threats:
- Gain real-time insights across your code inventory through a range of system widgets that display information in the form of bar graphs.
- Aggregate and analyze findings, vulnerabilities, and dependencies using visual metrics for a clearer understanding.
- Monitor most used or least used dependencies through real-time visibility and updates.
Endor Labs comes with several out-of-the-box widgets to enable teams to understand potential risks and take preventive measures.
Widgets in the Endor Labs dashboard consolidate related data of one type and provide valuable information.
Scanned by Endor Labs
Displays information on the following scan statistics across all ecosystems in the given tenant:
- Total number of dependencies, categorized into direct and transitive dependencies
- Total number of vulnerabilities, categorized into unreachable and other vulnerabilities
- Total number of projects
- Total number of packages
- Total number of scans
- Total number of configured notifications
Vulnerability prioritization funnel
Endor Labs’ vulnerability prioritization funnel systematically assesses and categorizes vulnerabilities based on their severity and category. The vulnerabilities are prioritized in the following order:
- Total open vulnerabilities - Indicates the complete list of vulnerabilities detected in all the scanned projects in this tenant.
- Not in test - Indicates the list of vulnerabilities that are present in the production code and not in the test code.
- Fix available - Indicates the list of vulnerabilities in the production code, for which a fix is available.
- Reachable - Indicates the list of vulnerabilities in production code, with a fix, that can be accessed or exploited.
- Exploitable likelihood - Indicates the list of vulnerabilities in production code, with a fix, that are reachable, and with an EPSS score greater than the specified value. See Configure baseline for EPSS score.
By applying this funnel approach, organizations can prioritize addressing the most critical, exploitable, and actionable vulnerabilities first, maximizing their security efforts.
Configure baseline for EPSS score
The EPSS scoring system assesses the probability of a vulnerability and indicates how likely it is to be exploited by attackers. Customize the likelihood of exploitability by setting a baseline EPSS score.
- Sign in to Endor Labs and click Dashboard.
- Navigate to the Vulnerability Prioritization Funnel and click EPSS at the end of the funnel.
- In EPSS PROBABILITY, set a score that is recommended by the application security program of your organization. For example, set it to 8. You can now efficiently prioritize your time by focusing on vulnerabilities that have an EPSS score of more than 8% and remediate them.
- Click Save.
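The funnel above is a sequence of filters, each applied to the output of the previous stage, with the EPSS baseline from the steps just described as the last cut. The following Python is an added illustration written for this page; it is not Endor Labs code, and the field names (in_test, fix_available, reachable, epss), the stage names, and the sample vulnerabilities are all constructed assumptions. It also shows the boundary case the text implies: a score exactly equal to the baseline is not "greater than" it, so it does not reach the final stage.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vulnerability:
    """One vulnerability finding (constructed shape, not Endor Labs' data model)."""
    vuln_id: str          # placeholder identifier, not a real CVE
    in_test: bool         # True if the finding exists only in test code
    fix_available: bool   # True if a patched version or upgrade exists
    reachable: bool       # True if analysis shows the vulnerable code can be reached
    epss: float           # EPSS probability as a fraction in [0, 1]

# Stage names in funnel order (assumed labels mirroring the dashboard text).
STAGES = ("total_open", "not_in_test", "fix_available", "reachable", "exploitable_likelihood")

def prioritization_funnel(vulns, epss_baseline_percent):
    """Apply the five funnel stages in order; each stage filters the previous one.

    epss_baseline_percent is the value entered under EPSS PROBABILITY (8 means 8%).
    Returns a dict mapping each stage name to the list of vulnerabilities still in it.
    """
    if not 0 <= epss_baseline_percent <= 100:
        raise ValueError("EPSS baseline must be a percentage between 0 and 100")
    threshold = epss_baseline_percent / 100.0

    stages = {}
    current = list(vulns)
    stages["total_open"] = current                      # everything detected in the tenant
    current = [v for v in current if not v.in_test]
    stages["not_in_test"] = current                     # production code only
    current = [v for v in current if v.fix_available]
    stages["fix_available"] = current                   # a patch or upgrade exists
    current = [v for v in current if v.reachable]
    stages["reachable"] = current                       # vulnerable code is reachable
    current = [v for v in current if v.epss > threshold]
    stages["exploitable_likelihood"] = current          # strictly above the baseline
    return stages

def funnel_counts(vulns, epss_baseline_percent):
    """Counts per stage, in the order the dashboard draws the funnel."""
    stages = prioritization_funnel(vulns, epss_baseline_percent)
    return {name: len(stages[name]) for name in STAGES}

# Constructed sample findings, one dropped at each stage plus two survivors.
SAMPLE_VULNS = [
    Vulnerability("V-1", in_test=True,  fix_available=True,  reachable=True,  epss=0.50),
    Vulnerability("V-2", in_test=False, fix_available=False, reachable=True,  epss=0.90),
    Vulnerability("V-3", in_test=False, fix_available=True,  reachable=False, epss=0.30),
    Vulnerability("V-4", in_test=False, fix_available=True,  reachable=True,  epss=0.02),
    Vulnerability("V-5", in_test=False, fix_available=True,  reachable=True,  epss=0.45),
    Vulnerability("V-6", in_test=False, fix_available=True,  reachable=True,  epss=0.08),
]

if __name__ == "__main__":
    for baseline in (8, 1):
        print(f"EPSS baseline {baseline}%:")
        for name, ids in prioritization_funnel(SAMPLE_VULNS, baseline).items():
            print(f"  {name:<24} {len(ids):>2}  {[v.vuln_id for v in ids]}")
```

Running the block with the 8% baseline narrows six findings to one (V-5); V-6 sits exactly at 8% and is excluded, which is the behaviour to expect when a baseline equals a finding's score. Lowering the baseline to 1% admits V-4 and V-6 as well, so the last stage is the only one the EPSS setting changes.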
Development hours and cost saved
Visualize the hours and cost saved metrics information on the dashboard.
- Dev Hours Saved - Development hours saved is an estimate that is calculated after reducing the number of vulnerabilities that developers must prioritize. See Customize development hours.
- Cost Saved - Cost savings is an estimate that is made by multiplying the saved developer hours with the full-time equivalent (FTE) hourly cost for triaging vulnerabilities. See Customize cost baseline.
Customize baseline for development hours
Adjust the development baseline to meet your organization’s specific needs.
- Sign in to Endor Labs and click Dashboard.
- Navigate to Dev Hours Saved and click the vertical ellipsis.
- Choose BASELINE and set DEV HOURS for a record on the Vulnerability Prioritization Funnel:
  - Total Open Vulnerabilities - Provide approximate development hours required to triage all open vulnerabilities. By default, the development hours saved are calculated based on this baseline and displayed on the Vulnerability Prioritization Funnel.
  - Not In Test - Provide approximate development hours required to triage vulnerabilities in production code.
  - Reachable - Provide approximate development hours required to triage accessible and most exploitable vulnerabilities.
  - Fix Available - Provide approximate development hours required to triage vulnerabilities that can be addressed with a patch or an upgrade.
- Click Save.
Customize baseline for cost
Tailor the cost baseline to reflect the Full-Time Equivalent cost of your organization.
- Sign in to Endor Labs and click Dashboard.
- Navigate to Cost Saved and click the vertical ellipsis.
- Enter an HOURLY COST and CURRENCY that applies to one full-time employee following your organization’s application security program.
- Click Save.
Top projects metrics
View the top project data by all findings, all vulnerabilities, reachable vulnerabilities, outdated dependencies, and unmaintained dependencies. You can identify the numbers for critical, high, medium, and low risk severity findings. Click the bar graph to view complete details.
Top packages metrics
View package data by all findings, all vulnerabilities, reachable vulnerabilities, outdated dependencies, and unmaintained dependencies. You can identify the numbers for critical, high, medium, and low risk severity findings. Click the bar graph to view complete details.
Top dependencies metrics
View dependency data by all findings, all vulnerabilities, and reachable vulnerabilities. You can identify the numbers for critical, high, medium, and low risk severity findings. Click the bar graph to view complete details.