As you add more projects and run tests, the platform automatically collects metrics on the current and historical state of vulnerabilities across your projects. You can view these charts and metrics in the Uleska Platform user interface.
Note that the default charts and graphs represent a core set of useful information for many users, and that this information, and more, is also available through the Uleska Platform API. You can use this API to extract lots of metrics from Uleska and build your own dashboards or charts.
Currently, the charts and metrics can be viewed by the Customer Administration role and the Executive role. The Application Manager role doesn't currently have access to the Analytics and Financials tabs.
Under the Analytics tab you will find pre-built analytics charts for your organization.
The first chart shown is the overall risk level for vulnerabilities across your teams and applications.
This bar chart lets you measure your current risk against previous weeks, showing trends in the risk for the last 11 weeks. At the top you will be shown the current risk level ($742,000 in this example) along with the risk value increase or decrease over the last 4 weeks.
The Uleska Platform automatically takes a snapshot of the risk across your projects on a Sunday night and records it for historical comparison.
Note that the current week will represent all current testing scans between the current time and the last Sunday night - meaning that if you find brand new issues they will be included in the latest bar chart and information on this screen (you don't need to wait until the next Sunday).
Clicking on the 'Vulnerabilities' tab above this chart will show you current and historical charts of the number of vulnerabilities across your projects.
Again, this shows you a historical bar chart of the number of vulnerabilities found across projects. It is handy to move between this chart and the previous risk chart, where you can quickly see how rises or falls in the number of vulnerabilities affect the risk posture. For example, in these screenshots, we can see that an increase of 7 new vulnerabilities in the last 4 weeks (around a 5% increase) has increased the risk by over $550,000 (around a 74% increase in risk).
Applications Onboarded Chart
The 'Applications' tab above this chart then shows you the number of applications that have been onboarded to the Uleska Platform with an 11-week historical trend.
This shows you the rate of onboarding for the last few months and how many apps are currently onboarded. You can compare this against the number of applications you expect to be tested through the Uleska Platform. Again, you can quickly switch between this tab and the risk or vulnerabilities tabs to better understand your security story over the last few months. For example, your risk and number of vulnerabilities may have gone up simply because more apps are being tested, which gives you confidence that visibility is improving. Or the risk may have gone up while the number of apps has not.
Highest ASVS Risks Chart
Scrolling down the Analytics tab shows you the top 5 ASVS categories that are resulting in the most risk.
Issues across applications in the Uleska Platform that have their CVSS and ASVS categories set will register in this donut chart to help you understand where your biggest risks are coming from. This shows you where the gaps seem to be and can inform your strategy for dealing with them (e.g. online training on certain topics, brown bag sessions, etc.).
As you continue to fix issues and develop your applications, this top 5 ASVS risks chart will continually update, reflecting the current state of vulnerabilities, so you can keep referring to it.
At the bottom of the Analytics page you can view the teams metrics table, which shows statistics from each team, including:
This table allows teams to be compared in terms of risk and vulnerabilities. If you click on a row (location or team) and there is a sub-team(s), then the table will expand to show the metrics for them also.
Under the Financials tab you will find pre-built overviews of the risk performance of various teams in your organization.
This tab shows the current risk associated with the high level locations/teams configured, along with changes over the last week to:
Clicking on any of the top level teams in the tab at the top will update the display to focus the metrics on that location / team, along with displaying the financials table for sub teams at the bottom of the page.
Generate PDF reports of vulnerabilities from pipeline runs.
Under the Report tab on your Application or Version, you will find input fields for configuring your PDF report.
Enter your information into the fields:
In Content, you can move sections around, add new ones, delete them, and add summary text.
Preview of what a Section looks like in the PDF report.
A shortcut for values that will appear more than once in your report.
Key - Shortcut for Value
Value - Will replace the Key whenever it is found within the Report
Because the Key specified above is ‘K1’, ‘K1’ will be replaced here by the Value, ‘Project ABC’. The Footer will read “My Footer for Project ABC” when the Report is generated.
Select Results of your Application Version, then Download PDF.
This report will be generated from the latest pipeline run, and will include any modifications, advisories, and manually added security vulnerabilities. This is a convenient way to produce a list of issues for stakeholders, enables better communication with other teams and projects, and saves you the time of creating your own report from scratch.