
Project

This template lets you analyze the findings, the finding density and the trends of a specific project within a configurable timeframe.

Permissions

To generate the Project report, the user must be associated with an Access Control role that has the generate-project-report permission. Since this permission is not included in any of the default Access Control roles, you must create a new role, or edit an existing one, to include it.

KPIs

Data Information

DataInfo.png

The Data Information card shows details of the scanned project, such as the total number of scans executed, the total number of lines of code scanned, the average scan time and the date of the last data retention execution.

Filtered By

In this card you can see which filters were applied when generating the report:

KPIFilteredBy.png

Included: Data included in the report. All data available in the report is filtered according to the specified included filters.

Excluded: Data filtered out from the report.

Specific filters can be applied when generating the project template to restrict and refine the data and the results to analyze.

The following filters can be defined when generating the template:

  • Severity: By default, Low and Informative results are excluded.

    • Allowed values to be excluded from the report are: High, Medium, Low and Information.

  • Result State: By default, all Result States are included.

    • Allowed values to exclude are: To Verify, Confirmed, Urgent, Proposed Not Exploitable, Not Exploitable.

  • Status: By default, only New and Recurrent are included.

    • Allowed values to exclude are: New, Recurrent and Resolved.

    • What happens when Resolved results are included?

      • Resolved Results section is displayed in the report.

      • All other KPI calculations (outside the Resolved Results section) are not affected by the resolved results.

    • What happens when Resolved results are excluded?

      • Resolved Results section is not displayed in the report.

  • Timeframe: Defines the date range of the analysis; it consists of a start date and an end date. The maximum allowed period is 1 year. If the timeframe is not defined:

    • The Timeframe used is the project lifetime.

    • If the project lifetime extends over 1 year, the timeframe starts from the year prior to the last scan date.

  • Data Points: allowed values are last or first. The default value is last.

    • last: the last scan in each data-point period is considered.

    • first: the first scan in each data-point period is considered.

    • Example: the timeframe under analysis is 1 week and the data point is first.

      • Each day of the week is considered as a data point.

      • In case there are several full scans in the same day, the results for that day will be represented according to the first scan of the day.
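The filter semantics described above (defaults per dimension, user exclusions replacing a dimension's default, and Resolved results feeding only the Resolved Results section) can be expressed as a small filter-and-count routine. The following Python is an added example, not code from the product or its documentation; the `Result` record, the `build_report` function and the sample results are constructed for illustration, and "Information" is used as the severity value because that is the name in the list of allowed values above.

```python
from dataclasses import dataclass

# Allowed values listed on the page for each filter dimension.
SEVERITIES = ("High", "Medium", "Low", "Information")
STATES = ("To Verify", "Confirmed", "Urgent", "Proposed Not Exploitable", "Not Exploitable")
STATUSES = ("New", "Recurrent", "Resolved")

# Page defaults: Low and Information results excluded, all result states
# included, only New and Recurrent statuses included (so Resolved is excluded).
DEFAULT_EXCLUDED = {
    "severity": frozenset({"Low", "Information"}),
    "state": frozenset(),
    "status": frozenset({"Resolved"}),
}
ALLOWED = {"severity": SEVERITIES, "state": STATES, "status": STATUSES}


@dataclass(frozen=True)
class Result:
    result_id: str
    severity: str
    state: str
    status: str


def effective_filter(excluded=None):
    """Merge user exclusions with the defaults and return (included, excluded).

    A dimension the caller names replaces that dimension's default; dimensions
    left out keep the page's default. Values outside the allowed lists are rejected.
    """
    exclusions = dict(DEFAULT_EXCLUDED)
    for dimension, values in (excluded or {}).items():
        if dimension not in ALLOWED:
            raise ValueError(f"unknown filter dimension: {dimension}")
        bad = set(values) - set(ALLOWED[dimension])
        if bad:
            raise ValueError(f"values not allowed for {dimension}: {sorted(bad)}")
        exclusions[dimension] = frozenset(values)
    included = {d: tuple(v for v in ALLOWED[d] if v not in exclusions[d]) for d in ALLOWED}
    excluded_out = {d: tuple(sorted(exclusions[d])) for d in ALLOWED}
    return included, excluded_out


def build_report(results, excluded=None):
    """Apply the effective filter and compute the KPIs that depend on it.

    Resolved results, when included, only populate the Resolved Results
    section; the other KPI counts are computed from open results only.
    """
    included, excluded_out = effective_filter(excluded)
    kept = [
        r for r in results
        if r.severity in included["severity"]
        and r.state in included["state"]
        and r.status in included["status"]
    ]
    open_results = [r for r in kept if r.status != "Resolved"]
    report = {
        "filtered_by": {"included": included, "excluded": excluded_out},
        "results_by_severity": {
            sev: sum(1 for r in open_results if r.severity == sev)
            for sev in included["severity"]
        },
    }
    if "Resolved" in included["status"]:
        report["resolved_results"] = {
            "total": sum(1 for r in kept if r.status == "Resolved"),
        }
    return report


# Constructed sample results (not real scan data).
SAMPLE_RESULTS = [
    Result("r1", "High", "To Verify", "New"),
    Result("r2", "High", "Confirmed", "Recurrent"),
    Result("r3", "Medium", "Not Exploitable", "New"),
    Result("r4", "Low", "To Verify", "New"),
    Result("r5", "High", "To Verify", "Resolved"),
    Result("r6", "Information", "To Verify", "Recurrent"),
]

if __name__ == "__main__":
    print(build_report(SAMPLE_RESULTS))
    print(build_report(SAMPLE_RESULTS, excluded={"status": set()}))
```

With the defaults, r4 (Low), r6 (Information) and r5 (Resolved) drop out and no Resolved Results section is produced; passing `excluded={"status": set()}` brings r5 into a `resolved_results` section while the per-severity counts stay identical, which is the behaviour the Status filter describes.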

Total Results Overview

The Total Results Overview provides trend analysis over time.

TotalResultsOverview.png

The Density cards are calculated based on the last full scan executed for the project within the timeframe under analysis.

The labels for Data Retention, Preset Change, and Query Change mark the dates where these events occurred to help you understand changes in the total results and possible variations in the findings over time.

How are the timeframe dates arranged?

  • Data grouping is arranged based on the length of the timeframe.

  • Data grouping period is identified on the chart by its end date.

Report Formats:

  • In PDF format, if the timeframe period is:

    • over 180 days, the data points are every 2 weeks.

    • over 30 days and under 180 days, the data points are per week.

    • under 30 days, the data points are presented by day.

  • In JSON format, the full scope of data is presented.

Example: Monthly Timeframe

  1. Timeframe: From 1st of January to 30th of January.

  2. Data point: last scan.

  3. Data points are displayed per week, where the first data point identified is the 7th of January and shows the results for the last scan executed between the 1st and the 7th.

  4. The second data point is identified by the 14th of January, the third by the 21st of January, the fourth by the 28th of January and the last by the 5th of February (even though it extends beyond the timeframe filter).

Example: One Year Timeframe

  1. Timeframe: From 1st of January to 31st of December.

  2. Data point: first scan.

  3. Data points are displayed every 2 weeks, where the first data point identified is the 14th of January and shows the results for the first scan executed between the 1st and the 14th of January.
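The grouping rules and the two worked examples above can be reproduced with a short routine: choose the period from the inclusive timeframe length, cut the timeframe into consecutive periods identified by their end dates, and pick the last or first scan in each period. The Python below is an added example written for this page, not product code; the `Scan` record, the function names and the sample scans are constructed, and the treatment of a timeframe of exactly 180 days and of periods with no scan are assumptions noted in the comments.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta


@dataclass(frozen=True)
class Scan:
    scan_id: str
    finished_at: datetime
    high: int
    medium: int


def period_days(start: date, end: date) -> int:
    """Grouping period for the PDF report, from the inclusive timeframe length.

    Page rule: under 30 days -> per day; over 30 and under 180 -> per week;
    over 180 -> every 2 weeks. Exactly 30 days is weekly (the page's monthly
    example, 1st to 30th of January, is weekly); treating exactly 180 days
    as weekly is an assumption of this example.
    """
    length = (end - start).days + 1
    if length < 1:
        raise ValueError("timeframe end precedes start")
    if length > 366:
        raise ValueError("the maximum allowed timeframe is 1 year")
    if length < 30:
        return 1
    if length <= 180:
        return 7
    return 14


def bucket_ends(start: date, end: date, period: int) -> list:
    """End dates of the consecutive grouping periods covering the timeframe.

    Each period is identified by its end date; the last one may extend past
    the timeframe end, as in the page's monthly example.
    """
    ends = []
    bucket_start = start
    while bucket_start <= end:
        ends.append(bucket_start + timedelta(days=period - 1))
        bucket_start += timedelta(days=period)
    return ends


def data_points(scans, start: date, end: date, point: str = "last"):
    """One (period end date, representative scan or None) pair per period.

    point="last" takes the latest scan in the period, "first" the earliest;
    with several scans on one day the timestamp order decides, so "first"
    is the first scan of that day. A period with no scan yields None
    (assumption: the page does not say how empty periods are drawn).
    """
    if point not in ("last", "first"):
        raise ValueError("point must be 'last' or 'first'")
    period = period_days(start, end)
    pick = max if point == "last" else min
    series = []
    for bucket_end in bucket_ends(start, end, period):
        bucket_start = bucket_end - timedelta(days=period - 1)
        in_bucket = [s for s in scans if bucket_start <= s.finished_at.date() <= bucket_end]
        chosen = pick(in_bucket, key=lambda s: s.finished_at) if in_bucket else None
        series.append((bucket_end, chosen))
    return series


# Constructed sample scans for January 2023 (not real data); s2 and s3 ran
# on the same day to show how first/last resolve that case.
SAMPLE_SCANS = [
    Scan("s1", datetime(2023, 1, 2, 10, 0), high=5, medium=9),
    Scan("s2", datetime(2023, 1, 6, 9, 0), high=4, medium=9),
    Scan("s3", datetime(2023, 1, 6, 17, 0), high=3, medium=8),
    Scan("s4", datetime(2023, 1, 13, 11, 0), high=2, medium=8),
    Scan("s5", datetime(2023, 1, 29, 8, 0), high=1, medium=7),
]

if __name__ == "__main__":
    for bucket_end, scan in data_points(SAMPLE_SCANS, date(2023, 1, 1), date(2023, 1, 30)):
        print(bucket_end, scan.scan_id if scan else "-", scan.high if scan else "")
```

Running it for the monthly example yields weekly periods ending on the 7th, 14th, 21st and 28th of January plus one period that runs past the 30th, and for a full calendar year the first period ends on the 14th of January, matching the two examples above. The period end dates are computed as start date plus period length minus one day.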

Scan Results Overview

The KPIs displayed in the scan results overview are based on the last full scan executed for the project within the timeframe under analysis. The Scan Id and Scan Date of that last scan are displayed.

For further details about the KPIs, please see Scan Template.

State Transitions Metrics

StateTransitionsMetrics.png

For each transition detected in the project, within the timeframe in analysis, you can see how many days the transition takes on average, and how many results have changed.

Taking the High results that moved from To Verify to Not Exploitable (NE) as an example:

  • 3 results were changed from To Verify to Not Exploitable.

  • On average the transition takes 24 days.

  • The minimum is 20 days and the maximum is 29 days.
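The metrics in this card can be derived from a result's state-change history: pair each state change with the previous one for the same result, keep the transitions whose new state was set inside the timeframe, and aggregate by severity and transition. The Python below is an added example, not product code; the event format and `transition_metrics` function are constructed, and the sample history is made up so that the High To Verify to Not Exploitable rows reproduce the figures quoted above (3 results, 24 days on average, minimum 20, maximum 29).

```python
from collections import defaultdict
from datetime import date, datetime
from statistics import mean

# Constructed state-change history (result id, severity, new state, when).
# Not real data; the High "To Verify" -> "Not Exploitable" rows are chosen
# to reproduce the page's example figures. r5 changed state before the
# timeframe and must be left out.
SAMPLE_EVENTS = [
    ("r1", "High", "To Verify", datetime(2023, 1, 1)),
    ("r1", "High", "Not Exploitable", datetime(2023, 1, 21)),   # 20 days
    ("r2", "High", "To Verify", datetime(2023, 1, 3)),
    ("r2", "High", "Not Exploitable", datetime(2023, 1, 26)),   # 23 days
    ("r3", "High", "To Verify", datetime(2023, 1, 5)),
    ("r3", "High", "Not Exploitable", datetime(2023, 2, 3)),    # 29 days
    ("r4", "Medium", "To Verify", datetime(2023, 1, 5)),
    ("r4", "Medium", "Confirmed", datetime(2023, 1, 9)),        # 4 days
    ("r4", "Medium", "Urgent", datetime(2023, 1, 10)),          # 1 day
    ("r5", "High", "To Verify", datetime(2022, 11, 1)),
    ("r5", "High", "Not Exploitable", datetime(2022, 12, 1)),   # outside timeframe
]


def transition_metrics(events, start: date, end: date):
    """Per (severity, from state, to state): how many results made the
    transition inside the timeframe and the average/min/max days it took.

    A transition is attributed to the date its new state was set; the
    duration is measured from the previous state change of the same result.
    """
    history = defaultdict(list)
    for result_id, severity, state, when in events:
        history[(result_id, severity)].append((when, state))

    durations = defaultdict(list)
    for (_, severity), changes in history.items():
        changes.sort()  # chronological order per result
        for (t0, s0), (t1, s1) in zip(changes, changes[1:]):
            if s0 == s1 or not (start <= t1.date() <= end):
                continue
            durations[(severity, s0, s1)].append((t1 - t0).days)

    return {
        key: {
            "results": len(days),
            "avg_days": mean(days),
            "min_days": min(days),
            "max_days": max(days),
        }
        for key, days in durations.items()
    }


if __name__ == "__main__":
    metrics = transition_metrics(SAMPLE_EVENTS, date(2023, 1, 1), date(2023, 3, 31))
    for (sev, src, dst), m in metrics.items():
        print(f"{sev}: {src} -> {dst}: {m}")
```

The timeframe check is applied to the date the new state was set, so a transition that began before the timeframe but completed inside it is counted, while one that completed earlier (r5 above) is not.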

Resolved Results Overview

This section only appears when Resolved results are included in the report (see the Status filter).

ResolvedResultsOverview.png

The chart shows the trends over time for the resolved results.

The Total Results line shows the number of results currently present in the project, so you can compare the ratio between resolved and open findings. In case some of the open results are assigned to a specific user, you can see those totals in the Assigned line.

The labels for Data Retention, Preset Change, and Query Change mark the dates where these events occurred to help you understand changes in the total results and possible variations in the findings over time.

Top 5 Resolved Vulnerabilities by Severity

Top5ResolvedVulbySev.png

The Top 5 Resolved Vulnerabilities chart shows the five vulnerabilities with the most results resolved within the timeframe under analysis. For each vulnerability, the total number of results resolved is displayed.

Results by Language

As each project might comprise several languages, the project report includes charts showing the total findings over time per language.

Languages Overview

LanguagesOverview.png

The chart shows the trends over time for the scanned languages.

The labels for Data Retention, Preset Change, and Query Change mark the dates where these events occurred to help you understand changes in the total results and possible variations in the findings over time.

Language Vulnerabilities

For each specific language, you can see the trends of the results by severity and by its density as well.

LanguageVulnerabilities.png