Application overview

The homepage of the ShiftLeft Dashboard is the Applications view. This page provides an overview of all the applications submitted by your organization for analysis by ShiftLeft CORE.

The ShiftLeft dashboard's Applications overview

Summary information

At the top of the page, you'll see summary information for your org's applications, including:

  • The number of applications your organization has submitted;
  • The total number of findings for all of your organization's applications;
  • The number of application groups (which you can manually create to group similar applications) you have;
  • The number of teams you've created for your organization.

A view of an org's summary information for all apps

Applications submitted

Below the summary information is a full list of the applications that your org has submitted. Clicking on an application will take you to its detailed information page.

The list of applications is displayed chronologically, with the most recently scanned application at the top. You can, however, change it to sort by:

  • App names
  • The number of vulnerabilities of a given severity (e.g., critical or medium)
  • The number of reachable/unreachable vulnerabilities
  • The number of container-related vulnerabilities of a given severity (e.g., critical or high)
  • The number of secrets
  • The number of insights

Furthermore, you can choose to sort in ascending or descending order.

Filtering

To find a specific application in the complete list, you can filter for it using the search bar (the filter accepts application, group, team, and repository names). You can also filter your applications based on their language type and Git branch.

Overview information for specific applications

For each application associated with your org, ShiftLeft displays graphs that show the number of findings for that application:

  • A graph of the number of vulnerabilities found; each bar represents a different severity (e.g., the first bar of the graph reflects the number of critical vulnerabilities found)
  • A graph of the number of OSS vulnerabilities found

Severity levels

The severity levels with which the findings are tagged are based on the CVSS 3.1 score associated with the finding:

CVSS Score                      | Severity level
CVSS score between 0.1 and 4    | Low
CVSS score between 4.0 and 7    | Medium
CVSS score between 7.0 and 9    | High
CVSS score above 9.0            | Critical

Deleting an application

If you want to delete an application from your ShiftLeft account, you can do so by clicking the ellipses to the right of the application and selecting Delete App.

You'll be prompted to enter the name of your application before you can proceed by clicking Delete App.

App Groups

App Groups allow you to group like applications based on the needs of your business. For example, you might choose to create groups for your teams or departments. Groups are also helpful if you submit portions of your apps. For example, if you have a monorepo that requires you to submit the front-end and back-end code individually, you can create a group that includes both apps. This lets you view them together in the ShiftLeft dashboard.

A view of three app groups in the dashboard

You can create a new app group via the summary view of the overview page:

A view of where to click to add an app group

  1. In the box (at the top of the page) that lists the number of app groups your org owns, click + ADD.
  2. Provide a Group Name.
  3. Select one or more Applications to include in the group.
  4. Click Save to proceed.

CLI

You can create an app group via the CLI when you're submitting an app for analysis:

sl analyze --tag app.group=<groupName> # provide the group name desired.

Repeat the use of this tag for all applications that you want to be included in the app group when submitting them to ShiftLeft for analysis.

You can add a single application to multiple groups by adding additional flags to the sl analyze command: --tag app.group=<name1> --tag app.group=<name2>.
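
The two cases above (both halves of a monorepo in one group, and one app in several groups) as an added example that is not part of ShiftLeft's own documentation. The app names, group names and paths are constructed, the --app and --js flags are assumed to match your existing sl analyze invocation, and the group-name character check is a local guard, not a ShiftLeft rule.

```shell
#!/bin/sh
# Added example: build `sl analyze` command lines that repeat
# --tag app.group=<name> once per group. Dry run only: nothing is submitted.

# Usage: build_analyze_cmd <app-name> <path> <group> [<group>...]
build_analyze_cmd() {
  app=$1; path=$2; shift 2
  [ "$#" -gt 0 ] || { echo "at least one group name required" >&2; return 1; }
  cmd="sl analyze --app $app"
  for group in "$@"; do
    # Local guard (assumption): keep each tag value a single shell token so
    # a stray space or metacharacter cannot change the command that runs.
    case $group in
      ''|*[!A-Za-z0-9._-]*)
        echo "refusing group name '$group'" >&2; return 1 ;;
    esac
    cmd="$cmd --tag app.group=$group"
  done
  printf '%s\n' "$cmd --js $path"
}

# Constructed monorepo: front end and back end are submitted separately but
# share the "shop" group; the back end also joins "payments-team".
plan_monorepo() {
  build_analyze_cmd shop-frontend ./frontend shop || return 1
  build_analyze_cmd shop-backend ./backend shop payments-team || return 1
}

plan_monorepo   # prints the two commands for review before they are run
```
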

Teams

Teams allow you to group both users and applications. With the appropriate permissions set, you can limit users to only accessing applications in their team.

A view of three teams in the dashboard

You can create a new team via the summary view of the overview page:

A view of where to click to add a team

  1. In the box (at the top of the page) that lists the number of teams your org owns, click + ADD.
  2. Provide a Team Name.
  3. Select one or more Applications to include in the group.
  4. Click Save to proceed.

To add users to the team:

  1. In the top navigation bar, click on Organization.
  2. Switch to the Manage Teams page.
  3. Click the team to which you'd like to add members.
  4. Click Add Team User.
  5. Select the Users to be added and their Team Role.
  6. Click Add User to save.

You can repeat the final two steps if you need to add users with different permission levels.