Analytics

Visualize metrics on volume and efficiency of issue resolution.

The Analytics dashboard offers a comprehensive view of your security metrics, tracking vulnerability trends and resolution times across projects. Use it to quickly assess risk levels, monitor progress, and identify areas of your security posture that need improvement.

Set the filters

Customize the data displayed on the Analytics dashboard by applying specific filters to focus on the most relevant information, enabling better analysis and decision-making. Adjusting the filters ensures that you can track progress and identify trends that are critical to your security and development goals. These are global filters and apply to all widgets on this dashboard.

  • Severity - Filter the data based on vulnerability severity: Critical (C), High (H), Medium (M), or Low (L).

  • Attributes - Narrow down the list based on factors such as whether a fix is available, whether the vulnerable function is reachable, whether the dependency is reachable, whether the dependency originates from a current repository or a current tenant, whether it is a test dependency or a phantom dependency, and whether the finding originates from the package itself, a direct dependency, or a transitive dependency. See Finding attributes.

  • When was the Finding first scanned - Select a time period from the available options to filter the analytics data based on when the finding was first scanned. By default, the data from the last 90 days is displayed.

Vulnerabilities snapshot

Get a quick overview of key vulnerability metrics in your projects, helping you monitor newly identified and resolved vulnerabilities, as well as the time it takes to address them. Here’s what each metric represents:

  • Newly Discovered: The number of vulnerabilities recently identified across your projects. This count indicates areas that may need attention or remediation.
  • Resolved: The number of vulnerabilities that have been fixed or mitigated recently, reflecting progress in securing your projects.
  • Average Time to Resolve: The average time, in days, it takes to resolve a vulnerability once discovered. Lowering this number can indicate faster responses to security issues.
  • Minimum Time to Resolve: The shortest time it took to resolve a vulnerability in the current tracking period, providing insight into how quickly issues can be addressed.
  • Maximum Time to Resolve: The longest time it took to resolve a vulnerability, showing the upper range for resolution times and highlighting areas where responses might need improvement.

These metrics help track security effectiveness over time and identify trends in vulnerability resolution within your projects.

Vulnerabilities over time

Track the number of detected vulnerabilities across your projects over a specified period. This view helps you analyze trends in vulnerability discovery and resolution, showing whether security issues are increasing, decreasing, or remaining steady over time.

Average time for issues resolved

The Average Time for Issues Resolved chart displays the average number of days taken to resolve issues over a given period. This metric helps assess response efficiency, highlighting how quickly security and other issues are addressed on average, and can indicate improvements or delays in issue resolution processes.

New open vulnerabilities approaching SLA

The New Open Vulnerabilities Approaching SLA chart shows vulnerabilities that are close to missing their resolution deadlines, with less than 24 hours remaining. This allows you to prioritize issues and take immediate action to resolve them before the SLA is missed. To define or adjust SLA for different vulnerability severities, see Set SLA for vulnerabilities.

Set SLA for vulnerabilities

Follow these steps to define Service Level Agreements (SLAs) for vulnerabilities based on severity levels—Critical, High, Medium, and Low:

  1. Sign in to Endor Labs and navigate to Dashboard on the left sidebar.
  2. Select ANALYTICS.
  3. Scroll down to the New Open Vulnerabilities Approaching SLA chart and select a severity level to set its SLA. The default SLAs are:
    • Critical - 30 Days
    • High - 30 Days
    • Medium - 90 Days
    • Low - 180 Days
  4. In SLA DURATION, set a duration in days for the selected severity level.
  5. Click Reset to restore the SLA to its default duration.
  6. Click Save.
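
The snapshot metrics and the approaching-SLA check described above can be reproduced over exported findings, which is useful for cross-checking the dashboard. This is an added example, not Endor Labs code; the record fields, the sample data, and the choice to start the SLA clock at first-scanned time are assumptions.

```python
from datetime import datetime, timedelta

# Default SLA durations in days, as listed in the steps above.
DEFAULT_SLA_DAYS = {"Critical": 30, "High": 30, "Medium": 90, "Low": 180}

def resolution_snapshot(findings):
    """Resolved count plus average/min/max days to resolve."""
    days = [(f["resolved"] - f["first_scanned"]).total_seconds() / 86400
            for f in findings if f["resolved"] is not None]
    if not days:
        return {"resolved": 0, "avg": None, "min": None, "max": None}
    return {"resolved": len(days), "avg": sum(days) / len(days),
            "min": min(days), "max": max(days)}

def approaching_sla(findings, now, sla_days=DEFAULT_SLA_DAYS,
                    window=timedelta(hours=24)):
    """Open findings with less than `window` left before their SLA deadline.

    Assumption: the SLA clock starts when the finding was first scanned.
    Findings already past the deadline are breached, so they are excluded.
    """
    due = []
    for f in findings:
        if f["resolved"] is not None:
            continue
        deadline = f["first_scanned"] + timedelta(days=sla_days[f["severity"]])
        remaining = deadline - now
        if timedelta(0) <= remaining < window:
            due.append((f["id"], remaining))
    return sorted(due, key=lambda item: item[1])

def _f(fid, severity, first_scanned, resolved=None):
    return {"id": fid, "severity": severity,
            "first_scanned": first_scanned, "resolved": resolved}

# Constructed sample findings (hypothetical IDs and timestamps, all UTC).
NOW = datetime(2025, 3, 31, 12, 0)
FINDINGS = [
    _f("F-1", "Critical", datetime(2025, 3, 1, 18, 0)),   # due in 6 hours
    _f("F-2", "High", datetime(2025, 3, 10)),             # deadline not yet close
    _f("F-3", "Medium", datetime(2025, 1, 1, 9, 0)),      # due in 21 hours
    _f("F-4", "Critical", datetime(2025, 2, 20)),         # already breached
    _f("F-5", "High", datetime(2025, 3, 1), datetime(2025, 3, 5)),
    _f("F-6", "Low", datetime(2025, 3, 10), datetime(2025, 3, 20)),
]

if __name__ == "__main__":
    print(resolution_snapshot(FINDINGS))
    for fid, remaining in approaching_sla(FINDINGS, NOW):
        print(fid, "SLA deadline in", remaining)
```

Passing a different `sla_days` mapping mirrors changing SLA DURATION for a severity: the same open finding can move into or out of the 24-hour window.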

Outdated dependencies trend

This chart tracks the number of outdated dependencies in your projects over time. It helps you monitor the progress of updating libraries and frameworks, providing insights into how many dependencies are no longer up-to-date. By identifying trends, you can prioritize updating critical dependencies, reduce security risks, and ensure your projects remain current with the latest versions.

Unmaintained dependencies trend

This chart shows the number of dependencies in your projects that are no longer actively maintained over time. This helps you track the accumulation of unsupported libraries and frameworks, which may pose security and compatibility risks. By monitoring this trend, you can take proactive steps to replace or update unmaintained dependencies, ensuring the stability and security of your projects.

Unused dependencies trend

This chart tracks the number of dependencies in your projects that are no longer in use over time. This helps identify redundant libraries or packages that can be safely removed, reducing the overall project size and improving performance. By monitoring this trend, you can streamline your codebase and reduce potential security risks from unnecessary dependencies.