Package: Invicti AppSec Core (on-demand), Invicti AppSec Enterprise (on-premise, on-demand)
Dashboard overview
The organizational dashboard provides a comprehensive overview of all projects and their associated vulnerabilities through the side navigation menu.
Application Security (AppSec) and Infrastructure metrics display separately. You can switch between these views using the drop-down menu located next to the filter button.
You can filter data through the filter button in the upper right corner, selecting specific projects, products, business units, teams, or labels. Team leads and standard users can only filter data for projects assigned to their respective teams.
For detailed information about the individual graphs and charts, refer to dashboard metrics.
Dashboard actions and filtering
View switching
You can filter between Application Security (AppSec) and Infrastructure (Infra) metrics using the drop-down menu next to the filter button.
Available filters
The dashboard provides multiple filtering options to customize your view:
- Scanner type: Filter by specific scanning tools
- Branch: Filter by code branches
- Business criticality: Filter by assigned business criticality levels
- Business unit: Filter by organizational business units
- Projects: Select specific projects to display
- Teams: Filter by team assignments
- Labels: Filter by custom labels applied to projects
Save custom filters
You can save filter combinations under a specific name of your choice for quick access to frequently used filter sets.
Export and layout options
The dashboard supports different viewing and export options:
- Layout changes: Modify the dashboard layout to suit your preferences
- PNG export: Export dashboard data as PNG image files
- PDF export: Generate PDF reports of dashboard information
Dashboard cards description
Total Projects
Shows the total number of projects managed within Invicti AppSec (45 in the example shown). The calculation excludes projects without identified vulnerabilities.
Failing CI/CD SC
Shows the total number of projects that don't meet their established CI/CD security criteria (0 in the example shown).
Failing ASVS
Shows the total number of projects containing vulnerabilities that result in non-compliance with Application Security Verification Standard (ASVS) requirements (8 in the example shown).
Average Risk Score
Calculates based on new and recurrent vulnerabilities displayed in the Vulnerability Summary Table, using default severity scoring as follows (1731 in the example shown):
You can modify these default scores by navigating to Automation > Setup > Severity Score if you're an administrator.
- Critical: 10
- High: 9
- Medium: 4
- Low: 2
The system calculates the total risk score using the values above, then divides by the total number of scanned projects to determine the average risk score.
Average Vulnerability Score
Calculates by dividing the total risk score by the total number of new and recurrent vulnerabilities.
Open Vulnerabilities
Shows the total count of open vulnerabilities (9K in the example shown), with additional information about vulnerabilities that have known exploits (23 with Known Exploit in the example shown).
Issues
Shows vulnerabilities with an open issue in the issue management system. Displays the total count (5 in the example shown) along with additional metrics (2300 in the example shown).
Overdue
Shows vulnerabilities exceeding their established Service Level Agreement (SLA) timeframes. Displays the total count (5399 in the example shown) with additional breakdown metrics.
WOE (Window of Exposure)
Represents the average time elapsed since discovering new and recurrent vulnerabilities, measured in days. Shows the average (110 days in the example shown) along with distribution data. For vulnerabilities that are rediscovered after being previously closed, the system updates the first seen date to reflect the rediscovery timestamp.
MTTR (Mean Time to Resolution)
Shows the average time required to remediate closed vulnerabilities, measured in days. Displays the average (40 days in the example shown) with distribution metrics. For vulnerabilities that are rediscovered after closure, the system calculates Window of Exposure (WOE) instead of MTTR.
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center