Charts and Metrics

As you add more projects and run tests, the Uleska Platform automatically collects metrics on the current and historical state of vulnerabilities across your projects. You can view these charts and metrics in the Uleska Platform user interface.

Note that the default charts and graphs represent a core set of useful information for many users, and that this information, and more, is also available through the Uleska Platform API. You can use this API to extract lots of metrics from Uleska and build your own dashboards or charts.

Visible Roles

Currently, the charts and metrics can be viewed by the Customer Administration role and the Executive role. The Application Manager role doesn't currently have access to the Analytics and Financials tabs.

Analytics

Under the Analytics tab you will find pre-built analytics charts for your organization.

Risk Chart

The first chart shown is the overall risk level for vulnerabilities across your teams and applications.

This bar chart lets you measure your current risk against previous weeks, showing trends in the risk for the last 11 weeks. At the top you will be shown the current risk level ($742,000 in this example) along with the risk value increase or decrease over the last 4 weeks.

The Uleska Platform automatically takes a snapshot of the risk across your projects on a Sunday night and records it for historical comparison.

Note that the current week will represent all current testing scans between the current time and the last Sunday night - meaning that if you find brand new issues they will be included in the latest bar chart and information on this screen (you don't need to wait until the next Sunday).

Vulnerabilities Chart

Clicking on the 'Vulnerabilities' tab above this chart will show you current and historical charts of the number of vulnerabilities across your projects.

Again, this shows you a historical bar chart of the number of vulnerabilities found across projects. It is handy to move between this chart and the previous risk chart, where you can quickly see how rises or falls in the number of vulnerabilities affect the risk posture. For example, in these screenshots, we can see that an increase of 7 new vulnerabilities in the last 4 weeks (around a 5% increase) has increased the risk by over $550,000 (around a 74% increase in risk).

Applications Onboarded Chart

The 'Applications' tab above this chart then shows you the number of applications that have been onboarded to the Uleska Platform with an 11-week historical trend.

This shows you the rate of onboarding over the last few months and how many apps are currently onboarded. You can compare this against the number of applications you expect to be tested through the Uleska Platform. Again, you can quickly switch between this tab and the risk or vulnerabilities tabs to better understand your security story over the last few months. For example, your risk and number of vulnerabilities may have gone up simply because more apps are being tested, which gives you confidence that visibility is improving. Or the risk may have gone up while the number of apps has not.

Highest ASVS Risks Chart

Scrolling down the Analytics tab shows you the top 5 categories of ASVS which are resulting in the most risk.

Issues across applications in the Uleska Platform that have their CVSS and ASVS categories set will register in this donut chart to help you understand where your biggest risks are coming from. This lets you know where the gaps seem to be and can inform strategy on how to deal with them (e.g. online training on certain topics, brown bag sessions, etc).

As you continue to fix issues and develop your applications, this top 5 ASVS risks chart will continually update, reflecting the current state of vulnerabilities, so you can keep referring to it.

Teams Metrics

At the bottom of the Analytics page you can view the teams metrics table, which shows statistics from each team, including:

  • Number of sub-teams
  • Number of applications owned by that location or team
  • Total number of vulnerabilities currently in the security backlog for that location or team
  • Total risk aggregated for that location or team
  • Average risk per application (total risk / number of applications)
  • Trend indicators for risk rises and falls over the last few weeks

This table allows teams to be compared in terms of risk and vulnerabilities. If you click on a row (location or team) and there is a sub-team(s), then the table will expand to show the metrics for them also.
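
If you export metrics to build your own dashboard, a table like this can be recomputed as in the following added example, which is not Uleska code and does not use the real API response format. The record layout, team names and figures are constructed, the sub-team count is assumed to mean direct children, and the 4-week risk change is split into existing versus newly onboarded applications, the distinction raised under the Applications Onboarded chart.

```python
# Constructed sample data; the layout is an assumption, not the Uleska API
# format. weekly_risk: one value per Sunday snapshot, oldest first.
ORG = {"name": "Engineering", "apps": [], "sub_teams": [
    {"name": "Payments", "sub_teams": [], "apps": [
        {"name": "checkout", "vulns": 9,
         "weekly_risk": [80_000, 80_000, 85_000, 85_000, 100_000]},
        {"name": "ledger", "vulns": 4, "weekly_risk": [40_000, 40_000]},  # new
    ]},
    {"name": "Mobile", "sub_teams": [], "apps": [
        {"name": "ios-app", "vulns": 6,
         "weekly_risk": [60_000, 55_000, 50_000, 50_000, 45_000]},
    ]},
]}

def all_apps(team):
    """Apps owned by a team, including those of every nested sub-team."""
    apps = list(team["apps"])
    for sub in team["sub_teams"]:
        apps += all_apps(sub)
    return apps

def team_row(team, weeks=4):
    """One teams-table row, with the risk change split by its cause."""
    apps = all_apps(team)
    total = sum(a["weekly_risk"][-1] for a in apps)
    # An app with a snapshot from `weeks` ago existed then; the rest are new.
    old = [a for a in apps if len(a["weekly_risk"]) > weeks]
    new = [a for a in apps if len(a["weekly_risk"]) <= weeks]
    return {
        "team": team["name"],
        "sub_teams": len(team["sub_teams"]),  # direct children (assumption)
        "apps": len(apps),
        "vulns": sum(a["vulns"] for a in apps),
        "total_risk": total,
        "avg_risk": total / len(apps) if apps else 0,  # total risk / apps
        "change_existing": sum(
            a["weekly_risk"][-1] - a["weekly_risk"][-1 - weeks] for a in old),
        "change_onboarding": sum(a["weekly_risk"][-1] for a in new),
    }

def table(team):
    """Row for the team, then rows for each sub-team, depth first."""
    rows = [team_row(team)]
    for sub in team["sub_teams"]:
        rows += table(sub)
    return rows

if __name__ == "__main__":
    for row in table(ORG):
        print(row)
```

In the constructed data, most of the top-level increase comes from the newly onboarded application rather than from existing applications getting worse.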

Financials

Under the Financials tab you will find pre-built overviews of the risk performance of various teams in your organization.

This tab shows the current risk associated with the high level locations/teams configured, along with changes over the last week to:

  • Number of onboarded applications
  • Number of current vulnerabilities
  • Current total risk
  • Current average risk (total risk / number of applications)

You can also see the historical trend in risk in the bar chart.

Clicking on any of the top level teams in the tab at the top will update the display to focus the metrics on that location / team, along with displaying the financials table for sub teams at the bottom of the page.

Generate PDF reports of vulnerabilities from pipeline runs.

Configuration

Under the Report tab on your Application or Version, you will find input fields for configuring your PDF report.

Enter your information into the fields:

General Config:

  • Title

  • Header

  • Footer

  • Secondary Colour (hex)

  • Select Font

  • Select Vulnerability Order - either by alphabetical Title or by Risk of Vulnerabilities found

  • Upload Title Page Image (A4 size, jpeg)

Sections

You can move sections around, add new, delete, and add summary text in Content.

Preview of what a Section looks like in the PDF report.

Key Values

A shortcut for values that will appear more than once in your report.

Key - Shortcut for Value

Value - Will replace the Key whenever it is found within the Report

Example:

As the Key specified above is ‘K1’, here, ‘K1’ will be replaced by the Value, ‘Project ABC’. The Footer will read “My Footer for Project ABC” when the Report is generated.

Generating

Select Results of your Application Version, then Download PDF.

This report is generated from the latest pipeline run and includes any modifications, advisories, and manually added security vulnerabilities. It is a convenient way to produce a list of issues for stakeholders, improves communication with other teams and projects, and saves you the time of creating your own report from scratch.