View analytics for the group level only | Fluid Attacks Help

View analytics for the group level only

Info on required roleRole required: User, Vulnerability Manager or User Manager
The Analytics sections of Fluid Attacks' platform provide charts and figures on the status and characteristics of vulnerabilities and your remediation practices. Below are the descriptions of the kinds of charts that give information at the group level.
Advice on group analytics
Hover over charts to see available options.

Group availability

See group availability on the Fluid Attacks platform

The group availability metric displays the percentage of time the group has had unresolved events throughout its entire existence. Events are situations that prevent Fluid Attacks' tool or hacking team from conducting security testing on part of the group's scope or its entirety. This information provides a quick overview of the group's promptness in guaranteeing the conditions required for complete assessments.

You can interact with the chart as follows:
  1. Hover over a slice to see the status and percentage information
  2. Hover over a chart legend to highlight the corresponding slice in the chart
  3. Click on a chart legend to exclude the corresponding status from the percentage calculation

Total exclusions

This figure is the total number of vulnerabilities that were detected which you have instructed Fluid Attacks to exclude from reports. Learn about the strategies to make these exclusions in Exclude findings from scan reports.

Exclusions by root

See exclusions by root on the Fluid Attacks platform

This chart shows the number of vulnerabilities excluded from reports for each of your group's Git roots.

Hover over a bar to see the exact number of exclusions.

Days since group is failing

See days since group is failing on the Fluid Attacks platform

This chart shows the number of days each event in your group has remained unresolved. This information helps you prioritize long-standing issues.

Hover over a bar to see the precise number of events.

Findings by tags

See findings by tags on the Fluid Attacks platform

This chart shows the times each of your tags are used in multiple of the reported types of vulnerabilities. This helps you analyze security issues in your group using categories that are especially significant for your team.

Note defining type of vulnerability
Note: A type of vulnerability refers to the category into which a detected security issue most likely falls.

CI Agent-related analytics

By enabling the CI Agent, you can verify the status of security vulnerabilities on your system. You can embed this application, which is offered as a Docker container, into your continuous integration system to benefit from the following:

  • You would be running fast and automatic scans on the code you just wrote.

  • You can (optionally) set the CI Agent to flag the build as failed if it finds any noncompliance with your organization policies or group-specific policies. This strict mode can be customized with severity thresholds and grace periods according to your team's needs.

  • Statistics from over a hundred different systems show that breaking the build with the CI Agent increases the remediation ratio and speed, helping you build a safer system and save on remediation costs throughout your software security development lifecycle (SDLC).

Service status

This is an indication of whether Fluid Attacks' CI Agent is currently Active or Inactive.

Service usage

This figure is the number of times your team has run the CI Agent to proactively check the status of vulnerabilities in your builds.

Repositories and branches

This figure is the number of repositories and branches you check with the CI Agent.

Your commitment towards security

See your commitment towards security on the Fluid Attacks platform

The CI Agent's primary objective is to serve as gatekeeper for your team's deployments. Your team is responsible for important vulnerability management settings affecting the agent's behavior such as the following:

  • CI Agent's strict mode: Enabled by default, the strict mode helps prevent the introduction of vulnerable code into your system by halting builds or deployments if vulnerabilities are detected which have not been fixed.
  • Vulnerability acceptance: Vulnerabilities that have been accepted on the Fluid Attacks platform are disregarded even in strict mode, allowing the agent to proceed with builds or deployments as determined by your team.

This chart shows the number CI Agent executions with strict mode enabled and that for executions that found accepted vulnerabilities. This information helps your team create goals for the accepted risk to be low and for the usage of strict mode to be high.

You can interact with the chart as follows:
  1. Hover over a portion to see the status and number information
  2. Hover over a chart legend to highlight the corresponding portion in the chart
  3. Click on a chart legend to hide the corresponding status from the visual comparison

Builds risk

See builds risk on the Fluid Attacks platform

This chart shows the number CI Agent executions (detailed in the group's DevSecOps section) in which vulnerabilities were found and those in which there were none. This information helps you understand how well you are avoiding risky deployments.

You can interact with the chart as follows:
  1. Hover over a portion to see the status and number information
  2. Hover over a chart legend to highlight the corresponding portion in the chart
  3. Click on a chart legend to hide the corresponding status from the visual comparison
Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.