Dashboard

Dashboard provides the fastest way to monitor the overall health of applications you manage. It is displayed by default when you log in to Lifecycle and is also accessible from the Dashboard icon  on the left navigation bar.


Dashboard is available for IQ Server installations with Lifecycle or Auditor license. To view the Dashboard, users should be assigned a Developer role for atleast one application.

The Dashboard is organized into two areas: Filters and Results.

Filters

NEW IN RELEASE 112

The filters menu is accessible from the "Filter" button on the upper right side of the Dashboard  as seen in screenshot above.

You can create a customized filter to fine tune the results displayed in Dashboard to analyze them better. Here are the filter options available:

Filter propertyDesription
OrganizaitonsSelect the organizations for which you want to monitor violations 
ApplicationsSelect the specific applications you want to monitor
Applicaton CategorySelect the application category to view the applications for which violations have occured
StagesSelct the specific devOps stage(s) in your development cycle at which you want to view violations
Policy TypesSelect the specific policy type(s) to view the applications it applies to 
Violation StateSelect the violation state to view corresponding application violations
AgeSelect the time window to view the applicatons for which violations occured
Policy Threat LevelMove the slider to set the policy threat level. This will display all violations that lie within the selected range.

Use the Apply button to view the updated results of the filter.

To save an applied filter selection, click the Save button. Saved filters can be reused from the dropdown at the top of the sidebar. 

Results

Dashboard Results display information based on applied filters. The results differ depending on the view that is currently selected.

Export the data displayed in the current results view by selecting Export Violations Data.

Results are saved on your local computer as a .csv file. The first row of the .csv file contains column names.

Violations View

The Violations view is the default view for the Dashboard. It displays the top 100 policy violations found in the last 30 days for your applications. 

Clicking a violation in the Violations view opens the Violation Details page. The Violation Details page presents information on the violated policy, as well as the different stages the violation has been identified in. For security violations, a detailed explanation of the vulnerability is also provided. The Manage Waivers button allows viewing, adding, and deleting waivers for selected violations. See Add, View, and Remove Waivers for more info.

Exporting Violations Data

For the violations tab the columns exported into the file are:

Column NameColumn Value
Threat LevelThe threat level associated with the policy violation, on a scale of 0 to 10
Policy NameThe name of the policy that triggered the violation
Organization NameName of the organization which owns the violated policy, or is the parent of the application in which the policy was violated
Application NameName of the application in which the policy violation was triggered
Component NameName of the component in which the policy violation was triggered
Date First SeenDate in which this policy violation was first triggered for the particular component. This date is represented in ISO 8601 format
Timestamp First SeenTimestamp of the date in which the policy was first triggered for the particular component. This timestamp is represented  in standard unix time format
NEW IN RELEASE 103

Reference 

For security violations, the CVE or Sonatype code assigned to the vulnerability that caused the policy violation
NEW IN RELEASE 103

Policy Violation Id 

The policy violation Id that triggered the violation, useful for automation with related APIs

Components View

The Components view displays the 100 highest risk components based on any filters that have been set and the user's level of access. Risk is represented in ranges of Critical, Severe, Moderate, and Low. Total risk for each component is calculated by adding the threat level of all policies violated by the component within each range.

Clicking a component in the Components view opens the Component Risk Overview page. This page presents known coordinates for the component and all violations that have been found, organized by application. Risk information for each component is also provided:

Component Details View

Exporting Components Data

For the components tab, all Risk columns are calculated by taking the associated Threat Level of the policy violation and multiplying it by the number of affected applications.

The columns exported into the file are:

Column NameColumn Value
Component NameThe component that has active policy violations
Affected AppsThe number of applications that have this component as a dependency
Total RiskSum of the risk associated with the following columns
CriticalRisk associated to the critical policy violations for the component. 
SevereRisk associated to the severe policy violations for the component. 
ModerateRisk associated to moderate policy violations for the component. 
LowRisk associated to the low policy violations for the component. 

Applications View

The Applications view displays the 100 highest risk applications, also based on any filters that have been set and the user's level of access.  As with components, risk is split up into several ranges.  Total risk is calculated by adding the threat levels of all policy violations in each range.  Risk is broken down by stage and also summarized into cross-stage totals.

From this view, you can also access the latest reports for each stage that have been evaluated for the application.


Exporting Applications Data

For the applications tab, all Risk columns are calculated by taking the sum of the associated Threat Level of the policy violations of all affected components in the application.

The columns exported into the file are:

Column NameColumn Value
Organization NameThe organization that owns the application
Application NameThe application name
Total RiskSum of the risk associated with the following columns
CriticalRisk associated to the critical policy violations for the application. 
SevereRisk associated to the severe policy violations for the application.
ModerateRisk associated to the moderate policy violations for the application.
LowRisk associated to the low policy violations for the application.


Policy Violation Trends

The Policy Violation Trends feature has been superseded by Success Metrics and was removed from IQ Server in version 1.40.

Prior to IQ Server 1.40, Export Violations Data was contained within a View menu alongside Calculate Trends. Selecting Calculate Trends from the View menu opens the Policy Violation Trends dialog. This shows policy violations trends for your current filter. Policy Violation Trends display a twelve-week look at how risk is entering your applications and how you are handling that risk, and also shows progress for all time. Calculating trends can take some time depending on the number and size of matching evaluations.