Overview
The dashboard's landing page displays a list of the applications whose code you have submitted to ShiftLeft for analysis (ShiftLeft automatically adds and tracks your applications upon submission), as well as aggregate vulnerability information for your organization.
Search
The search bar allows you to find applications, application groups, and repositories featuring applications you have scanned. You can further filter the results by selecting the application's language -- for example, you can opt to return apps written only in JavaScript.
Application-specific information
For each application that you've submitted to ShiftLeft for analysis, you'll see:
- The number of vulnerabilities identified, including the severity levels
- The number of open-source vulnerabilities identified and whether they're reachable/unreachable (if applicable)
- The number of secrets and insights identified as being present in your code
- Scan details, including when it was run and any optional parameters that were provided when starting the scan
Clicking on an individual application will bring you to the applications overview for that application.
Severity levels
The severity levels with which the findings are tagged are based on the CVSS 3.1 score associated with the finding:
CVSS Score | Severity level |
---|---|
CVSS score between 0.1 and 4 | Low |
CVSS score between 4.0 and 7 | Medium |
CVSS score between 7.0 and 9 | High |
CVSS score above 9.0 | Critical |
Creating app groups
If you have multiple applications related to one another, you can create an app group. Each application is still analyzed individually, and ShiftLeft annotates any identified vulnerabilities with the name of the application in which they can be found. In the App Groups section of the dashboard, all grouped applications display under a single hide/show toggle.
You can create app groups via the dashboard or the CLI when submitting an app for analysis.
Dashboard
You can create app groups via the Dashboard:
- Near the top of the dashboard overview, find the groups box and click + Add.
- Provide a Group Name.
- Select the Applications you would like to be included with the group.
- Click Save.
CLI
You can create an app group via the CLI when you're submitting an app for analysis:
Repeat the use of this tag for all applications that you want to be included in the app group when submitting it to ShiftLeft for analysis.
You can add a single application to multiple groups by adding additional flags to the sl analyze command: --tag app.group=<name1> --tag app.group=<name2>
Managing app groups
To manage your app group, click the ellipsis to the right and select Manage App Group. In the window that opens, you can:
- Update the Group Name;
- Select/unselect applications to change those that are included in the group.
To delete an app group, click the ellipsis to the right of the group and then click Delete App Group. Click Delete App Group in the pop-up window to confirm this action.
Deleting an application
If you want to delete an application from your ShiftLeft account, you can do so by clicking the ellipsis to the right of the application and selecting Delete App.
You'll be prompted to enter the name of your application before you can proceed by clicking Delete App.
Teams
The Teams tab of the dashboard lists the teams that are associated with your organization. Each team consists of one or more applications that the users of that team can access.
To manage your team, click the ellipsis to the right and select Manage Team. In the window that opens, you can select/unselect applications to choose the ones that will be a part of the team.