- Evaluate your AppSec program, enabling you to know your current security risk.
- Assess the deployment and adoption of secure guardrails to your organization.
- Become aware of trends and opportunities that you can use to improve your security posture.
- Quickly filter data granularly for all the charts on the page and view priority findings.
- Export the information as a PDF report.
Dashboard overview
The dashboard is divided into several sections:Export reports
To generate reports from the current view, click Dashboard > Download.Triage states
The following triage states are displayed:- Open
- Ignored, including provisionally ignored
- Fixed
Filters and configuration
Use the filters to gain a top-level view or zoom in to a single product, specific period of time, or other slice of data. Create quarterly overviews or recent incident statements for various AppSec stakeholders. Configurations set here apply to the entire page. The following quick filters are visible on the page:- Time period
- Semgrep product or type of scan (SAST, SCA, or Secrets)
- Project (a repository or a subfolder of a monorepo)
- Recommended priority toggle
INFO
- By default, the Dashboard displays data for projects that members or managers have access to. Admins can view findings from all the projects in the organization. See the Teams documentation for more information.
- It can take up to a day (24 hours) for the Dashboard to correctly update and remove findings if you have recently deleted a project.
1
Click All filters to open the filter drawer.
2
Turn off the Recommended priority toggle.
- Severity
- Confidence
- Reachability
- Validation
- Time period
- Product
- Project
- Tags
- Teams
Recommended priority
This refers to any finding that is Critical or High severity in addition to being:- High confidence - if the finding is from Semgrep Code.
- Reachable - if the finding is from Semgrep Supply Chain.
- Valid - if the finding is from Semgrep Secrets.
Production backlog
This pane displays analytics related to findings detected in your primary or default branch. This typically means that the finding, usually a security issue, has made it to production environments.Key metrics
Charts
Secure guardrails
This provides an overview of how secure guardrails in PR or MR comments are used in your organization, including how often Semgrep shows findings to developers, how the developers handle the findings, and how often Semgrep flags a finding as provisionally ignored. Other guardrail interfaces, such as the IDE orpre-commit, are not counted in this section.
Key metrics
Charts
Most findings by project
A table listing projects from most open findings to least, grouped by product or severity. Lower values are better.Median open age
A chart displaying the median open age of a finding in days over the specified time period. Lower is better. For a finding to be remediated, it must have any of the following statuses:- Fixed
- Ignored, including provisionally ignored