First-party code

Visualize the first-party code vulnerabilities in your organization.

Use the widgets in the first-party code dashboard to understand the vulnerabilities in your codebase from a SAST and secrets perspective. The dashboard represents the vulnerabilities across all the projects in the given namespace.

First-party code dashboard

The following sections describe the widgets in the first-party code dashboard and how to use them.

You can filter the data displayed on the dashboard by the severity of the findings. You can choose any combination of critical, high, medium, and low severity findings.

Displays the number of open SAST findings categorized by severity and language. Click on the severity or language to view the list of specific findings.

Displays the number of open secrets findings. Valid secrets are critical, while invalid secrets are informational with a low severity. The findings are based on the secrets finding policy configured for the projects. Click on the type of secret to view the list of specific findings.

Displays the number of OWASP Top 10 findings across your projects in a stacked bar chart. Each bar represents an OWASP security risk, categorized by severity. Click on the severity to view the list of findings associated with the specific OWASP security risk.

Lists the top five projects with the highest number of SAST findings. Click on the project to view the list of SAST findings associated with the project.

Lists the top five projects with the highest number of secrets findings. Click on the project to view the list of findings associated with the project.