Monitor and analyze your Application Security posture with the Application Security dashboard.
The Cortex Cloud Application Security dashboard offers AppSec practitioners a centralized platform for monitoring and analyzing their organization's security posture. It provides visibility into your software development lifecycle assets and offers insights into issues detected in your environment, helping you to prioritize and remediate security risks.
How to access the Cortex Cloud Application Security dashboard
You can access the dashboard from either the Command Center or the Application Security module.
From the Command Center: Select Application Security from the drop-down menu
From the Application Security module: Select → →
Dashboard controls
Page-level filters: You can filter dashboard data by Applications, Repositories, Pipelines and Backlog status. When you apply a filter, all widgets on the dashboard update to display data relevant to the selected items. If you select multiple values (for example, several repositories or pipelines), the dashboard aggregates and displays combined data for all selected items.
Widget-specific filters: You can manage the data displayed in each widget through filters built into the widgets
Dashboard assets
The Cortex Cloud Application Security dashboard provides an overview of the applications, repositories and CI/CD pipelines in your environment. It displays the total count of each asset type, along with the number of critical and high issues associated with them. Selecting the number in an asset card redirects to the asset page.
Actions
Select a number in an asset card to redirect to the corresponding asset page
Select the Critical or High severity level in a Repositories or Pipelines asset card to redirect to the main Issues inventory. The inventory is filtered by AppSec Issues, the scanner type (for Repositories assets, all Cortex Cloud Application Security scanner types; for CI/CD Pipeline assets, CI/CD Risks), and the selected severity level
Click from the Applications asset card to redirect to the Application Builder, where you can define and set up a new application. For more information, refer to How to manually build an application
Standard widgets
Top Issues to Address
Displays the highest-priority issues to address across all scanner types, including their severity level, the total number of times each issue was detected, and labels providing context, such as whether the issue can be fixed, whether it was found in a public repository, whether it is part of the top 10 OWASP risks, and so on.
Actions:
Selecting an issue redirects to the main Issues inventory, filtered by the issue
You can filter issues by type of scanner (such as IaC) to display the top issues to address in a specific scan category. When you select a scanner, the Show All option becomes available, allowing you to redirect to the main Issues inventory displaying all issues for that scan type
Open Issues by AppSec Scanner
Displays the total number of open issues with critical and high severity, along with a breakdown by scanner category.
Actions:
Selecting a scanner type (such as Secrets) redirects to the corresponding Cortex Cloud Application Security issues inventory, filtered to show open issues with critical and high severity by default
You can filter the graph by severity level
Open Issues by Urgency and Scan Type
Displays the total number of open issues by Urgency (a context-aware metric to help you focus remediation efforts on the issues that pose the greatest real-world risk in your code) and by scanner category.
Actions:
You can filter the scanner graph by urgency level
Selecting a scanner type redirects to the corresponding Cortex Cloud Application Security issues inventory, filtered to show open issues with the selected urgency level
Open Issues by Severity
Displays the total number of open issues, including a breakdown by severity level with the count for each
Actions:
You can filter the widget by scanner type to view open issues in a specific scan category
Selecting a severity level (such as Critical) redirects to the main Issues inventory, filtered by Critical issues detected by the type of Cortex Cloud Application Security scanner selected in the dashboard
Open Issues by SLA
Displays the number of open issues that are approaching or past their SLA, grouped by scanner type (for example, Vulnerabilities).
Actions:
Selecting a scan type redirects to the corresponding Cortex Cloud Application Security issues inventory, filtered to show the issues that are approaching or past their SLA
Filter the graph by Overdue or Approaching SLA to display only open issues of the selected SLA type
Top Policies to Address
Displays the top policies across all scanner types that resulted in the highest number of detected issues.
This widget is organized into three tabs:
Issue generators: Displays policies that generated the most issues in your code or configurations. Includes the total number of critical and high issues as well as context such as the number of issues that have fixes and the types of scanner that detected the issues
Build blockers: Displays policies that resulted in the highest count of failed builds, providing information about the number of builds blocked by the policy, and the scan type (such as vulnerability scanner) that caused the build to fail. Selecting a policy from the list opens its side car on the AppSec Policies page for more details
PR blockers: Displays policies that resulted in the highest number of blocked pull requests (PRs), including information about the number of builds blocked by the policy, and the scan type (such as IaC scanner) that blocked the PR
Actions:
Selecting a policy opens its side car on the AppSec Policies page for more details
You can filter to view top policies at risk in a specific scan category
Click Show All to redirect to the AppSec Policies page
Top Repositories at Risk
Displays the repositories with the highest count of critical and high issues.
Actions:
Selecting a repository opens the main Issues page filtered by critical and high issues detected in the repository
You can filter to view top repositories at risk in a specific scan category
Top Pipelines at Risk
Displays the pipelines with the highest count of critical and high issues.
Actions:
Selecting a pipeline opens the main Issues page filtered by critical and high issues detected in the pipeline