►
From YouTube: Preview of Security Dashboard at the Group level
Description
Preview of the upcoming Security Dashboard at the Group level by Sam Beckham (Secure Team).
A
Okay,
so
this
is
a
quick
overview
of
the
group
security
dashboard.
What
it
is
in
a
nutshell
is
it
is
an
overview
of
all
of
the
vulnerabilities
inside
all
of
the
projects
inside
a
group.
So
in
order
to
see
it,
you
will
need
a
group
and
that
group
will
need
a
project
and
that
project
will
meet
some
vulnerabilities.
So
here's
one
I
prepared
earlier
we've
got
groups
open
source,
see
we've
got
one
project
inside
this
group
and
that
project
has
some
dummy
vulnerabilities
inside
it.
A
A
Now,
as
I
said,
this
is
a
group
with
one
project
with
some
dummy
vulnerabilities
inside
it,
so
the
dere
here,
therefore,
all
the
vulnerabilities
have
the
same
name
and
they
all
come
from
the
same
project.
That's
simply
because
it's
dummy
day,
let's
not
worry
too
much
about
that
for
now
when
you've
got
an
actual
production
environment
with
real
vulnerabilities
in
real
projects.
This
all
this
will
differ
a
lot
more,
but
let's
not
get
into
that.
A
This
is
this
very
easy:
how
many
critical,
how
many
of
them
are
high,
how
many
a
medium
and
how
many
a
law
we
also
have
unknown
on
the
end
here
and
there's
a
discussion
around
removing
this,
or
this
may
or
may
not
be
there
in
the
final
version-
we're
not
entirely
sure
yet,
but
let's
just
it's
there
for
now:
let's
just
ignore
it
and
then
moving
slightly
down
the
page
you'll
see.
We've
got
sassed
here
with
51
abilities
inside
it.
A
Now,
when
I
said
that
we
pulled
in
all
the
vulnerabilities,
I
was
a
little
white
line,
we're
actually
only
pulling
in
the
vulnerabilities
from
the
SAS
scanning
at
the
Mormon,
but
the
plan
for
the
future
is
to
add
in
the
other
scanners
as
we
go
along
and
have
different
tabs
for
them,
but
for
now
we'll
just
put
in
this
little
tool
tip
that
basically
describes
what
I've
just
said
and
again
there's
an
issue
around
what
this
text
actually
says.
So
that
may
change
in
the
final
version
so
drilling
down
into
actual
vulnerabilities.
A
You
see
that
they
are
all
sort
by
the
severity
currently,
so
all
the
critical
ones
at
the
top
and
then
we're
moving
at
the
high,
and
if
we
go
to
the
next
page,
we've
got
medium
law,
etc,
etc,
etc,
and
these
are
imaginary,
ten
per
page
with
51
Billy's
five
pages.
It's
not
it's
tough,
the
information
we
have
at
first
glance.
Now,
if
we
look
at
this
second
one
here,
we
have
the
critical
severity.
We
have
the
name
of
the
vulnerability,
the
project.
A
It
came
from
the
confidence
that
this
kind
of
has,
and
we
have
these
three
action
buttons
here
more
info,
which,
unsurprisingly,
gives
you
more
information
on
the
phone
durability,
new
issue,
which
creates
an
issue
for
that
vulnerability.
So
and
usually,
basically,
just
like
a
placeholder
say
we
need
to
solve
this
mobility
out
and
dismiss
vulnerability.
This
just
basically
says
this.
A
Vulnerability
is
not
important
unless,
let's
dismiss
it,
if
you've
looked
at
vulnerabilities
on
the
merge
quest,
page
or
the
jobs
page
or
just
the
general
reports
for
security
vulnerabilities,
these
actions
and
this
information
will
be
quite
familiar
to
you.
It
does
exactly
the
same
things
behind
the
scenes.
A
In
fact,
if
I
open
up
the
the
more
info
model,
this
is
almost
exactly
the
model
you're
used
to
seeing
on
them
pages.
So
it
brings
in
the
description.
We've
got
the
project
here
as
well,
because
this
is
the
first
time
it's
you
need
to
specify
what
project
it's
on
the
file
he
identifies
all
of
this
stuff.
That's
normally
in
the
other
models.
A
Is
there
and
you
can
dismiss
a
vulnerability
and
create
an
issue
now
I
will
show
you
what
create
an
issue
looks
like
from
this
model,
but
creating
an
issue
from
down
here
or
dismissing
the
vulnerability
from
down.
Here
is
exactly
the
same
as
doing
it
from
here,
but
we
will
do
it
from
the
model
for
now
so
this
goes
off
and
it
creates
an
issue,
and
it
says,
like
the
cipher,
does
not
provide
things.
Basically,
it
brings
in
the
description.
That's
a
very
the
confidence,
a
possible
solution.
A
All
this
lovely
stuff
drops
it
in
the
description.
You've
got
a
new
issue
here
away
and
if
we
go
back
to
the
dashboard
and
you'll
see
that
this
second
one
now
much
is
the
first
one
and
it
has
a
link
now
that
is
a
link
to
the
issue
that
we've
just
created.
So
if
you
have
vulnerabilities
with
issues
that
are
linked
to
them,
that's
really
visual
and
really
obvious
inside
this
list,
and
you
can
just
click
on
them
and
you
can
go
and
we
go
back
to
that.
A
Yeah
you'll
also
notice
that
the
the
new
issue
button
has
gone
from
these
because
we
can
no
longer
create
a
new
issue
inside
the
the
model.
New
issue
changes
to
view
issue.
The
other
thing
we
can
do
is
we
can
dismiss
vulnerabilities
the
tooltips
currently
a
bit
buggy
on
the
front
end,
but
that's
an
entirely
separate
issue.
A
Yes,
so
we
can
dismiss
them
in
line
dismiss
her
from
ability
and
we
can
see
the
the
styling
is
update
so
that
it's
there's
a
line
through
the
title.
This
indicates
that
it's
it's
been
dismissed.
There
is
an
issue
in
currently
to
change
this
styling,
because
it's
not
super
obvious
that
that's
what's
just
happened
so
again,
this
very
likely
look
different
in
the
release,
but
for
now
lying
through
means
it's
dismissed
and
we
can
see
their
dismiss
button
has
changed
to
undo
dismissal,
and
we
can
just
don't
do
that.
A
A
That
really
is
about
it.
For
the
dashboard,
there's
been
some
thought
put
into
mobile
views
as
well,
so
you
can
see
when
you
look
at
them
smaller
screen
all
this
rearranges,
so
that
looks
a
bit
easier
to
read
than
it
would
be
if
it
was
all
squished
together
and
each
vulnerability
even
now
gets
its
own
little
box.
That
contains
this
very
either
one
ability,
Eve
confidence
and
these
actions
and
again
these
actions
work
in
exactly
the
same
way
as
you
would
expect
so.
We've
just
missed
it.
We're
gonna,
do
this
missile,
etc,
etc,
yeah.