Organization Dashboard
Myrror's dashboard is designed to provide in-depth insights into vulnerabilities & attacks within your software projects, employing cutting-edge techniques such as reachability analysis and binary-to-source analysis.
The following page overviews each dashboard component, explaining its functionalities and detailing how it visually represents the information.
Overview of Repositories, Dependencies, and Issues in the Integrated SCM
At the top of the dashboard is an overview of your repositories, the dependencies they use, and the issues detected in them, offering a holistic view of your application landscape:
- Total Repositories: Displays the total number of repositories discovered in your source control, both monitored and unmonitored.
- Total Dependencies: Indicates the cumulative count of dependencies across all repositories.
- Total Issues: Provides an at-a-glance overview of the total number of issues detected within your repositories, serving as a key performance indicator for security posture assessment.
Detection
Under the Detection section, users gain access to insights related to the detection of vulnerabilities and possible attacks within their software projects.
Issues Overview
This section offers a granular breakdown of detected issues, enabling users to discern the nature and severity of vulnerabilities within their codebase. Visualized as a funnel, this section represents the efficiency of Myrror's detection and prioritization capabilities. It compares the total number of issues detected against the number that require your direct attention. Myrror's advanced algorithms significantly reduce the noise, ensuring you focus on the most critical issues. Notably, Myrror helps you cut down on remediating issues by more than 50%, saving you valuable time and resources.
- Total Issues: Presents the aggregate number of detected issues, providing a foundational understanding of the security landscape.
- Direct vs. Indirect Issues: Issues are color-coded to differentiate between those originating directly from your codebase and those cascading indirectly through dependencies. Studies suggest that around 70% of vulnerabilities stem from indirect dependencies, highlighting the importance of comprehensive security assessments.
- Severe Issues vs. Reachable Severe Issues: Graphically represents the distribution of severe issues and those that are reachable, offering insights into critical vulnerabilities that require immediate attention.
Issues by Category
A horizontal bar chart categorizes issues into four distinct categories, empowering users to identify prevalent security concerns with ease:
- Tampering: Indicates issues related to unauthorized modifications to package code.
- Vulnerability: Highlights vulnerabilities within dependencies that could be exploited by attackers.
- Risky Code: Identifies code segments posing potential risks to the overall security posture.
- Malicious Package: Flags packages exhibiting malicious behavior, such as those containing malware or suspicious code.
Each category is accompanied by numerical values representing the frequency of respective issues, enabling users to prioritize remediation efforts effectively.
Beyond categorizing detected issues by type, the dashboard assigns a severity level to each one. Understanding these severity levels is essential for taking timely and appropriate action.
Myrror Security utilizes a four-tiered severity system:
- Critical: These vulnerabilities represent the most severe security risks. They can be exploited to gain complete control of systems, steal sensitive data, or disrupt critical operations. Immediate attention and remediation are necessary.
- High: High-severity vulnerabilities pose a significant threat and can be exploited to compromise systems or steal sensitive data. They require prompt attention and should be addressed within a defined timeframe.
- Medium: Vulnerabilities classified as medium severity have the potential to cause damage but are generally less likely to be exploited successfully. They should be addressed within a reasonable timeframe based on your organization's risk tolerance.
- Low: Low-severity vulnerabilities are the least critical but should not be entirely ignored. They might not pose an immediate threat but could be leveraged in conjunction with other vulnerabilities to create a more significant security risk. These issues can be addressed according to a prioritized schedule.
Dependencies by Security Status
In this section, dependencies are categorized based on their security status, providing users with actionable insights into potential risks:
- Critical, High, Medium, Low: Visualizes the distribution of dependencies across criticality levels.
- Repositories with Most Risks: Highlights repositories harboring the highest number of issues, aiding users in focusing remediation efforts on high-risk areas.
Issues by Code Language
This visualization offers an insightful breakdown of issues categorized by code language, facilitating targeted remediation strategies:
- Language Distribution: Provides a comprehensive overview of issues segmented by code language, enabling users to identify languages prone to a higher prevalence of vulnerabilities.
Remediation Visualization
Users gain access to a comprehensive snapshot of the remediation status, aiding in the assessment of ongoing security measures:
- Current Status: Displays the prevailing severity level of threats, offering a real-time assessment of the security posture.
- Fixes Available: Indicates the number of available fixes, enabling users to gauge the effectiveness of remediation efforts.
- Vulnerabilities Introduced: Highlights any vulnerabilities introduced during the remediation process, enabling proactive risk management. By proactively identifying these potential risks, Myrror empowers you to implement countermeasures and maintain a secure environment. It's important to note the status after the fix (e.g., remediated, requires further investigation) to ensure complete resolution.
- Status after fixes: Calculates the status of security issues once all of Myrror's recommended fixes have been applied. While the suggested remediations improve the overall status, they may also introduce other security issues that will need to be fixed in the future.
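To make the Issues Overview funnel and the remediation figures above concrete, here is an added worked example (not Myrror's own code; the `Issue`/`Fix` data model and the sample issues are constructed assumptions). It computes the funnel counts, the current status as the highest remaining severity, and the status after applying fixes that themselves introduce new issues.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Issue:
    id: str
    severity: str    # one of the four Myrror severity levels
    direct: bool     # True when the issue sits in your own code / a direct dependency
    reachable: bool  # True when reachability analysis found a path from your code to the flaw

@dataclass(frozen=True)
class Fix:
    resolves: frozenset      # ids of the issues this recommended fix removes
    introduces: tuple = ()   # Issues the fix (e.g. a version bump) brings along

def funnel(issues):
    """Issues Overview funnel: total -> direct/indirect -> severe -> reachable severe."""
    direct = sum(i.direct for i in issues)
    severe = [i for i in issues if SEVERITY_RANK[i.severity] >= SEVERITY_RANK["high"]]
    reachable_severe = [i for i in severe if i.reachable]   # the ones needing direct attention
    return {"total": len(issues), "direct": direct, "indirect": len(issues) - direct,
            "severe": len(severe), "reachable_severe": len(reachable_severe)}

def status(issues):
    """Current Status: the highest severity still present, or 'clean' if nothing is left."""
    if not issues:
        return "clean"
    return max(issues, key=lambda i: SEVERITY_RANK[i.severity]).severity

def status_after_fixes(issues, fixes):
    """Status after fixes: apply every recommended fix, then count what the fixes introduced."""
    resolved = set().union(*(f.resolves for f in fixes))
    remaining = [i for i in issues if i.id not in resolved]
    introduced = [i for f in fixes for i in f.introduces]
    return status(remaining + introduced), introduced

# Constructed sample data, not taken from any real scan.
ISSUES = [
    Issue("A", "critical", direct=True, reachable=True),
    Issue("B", "high", direct=False, reachable=False),
    Issue("C", "medium", direct=False, reachable=True),
    Issue("D", "low", direct=False, reachable=False),
]
FIXES = [
    Fix(frozenset({"A"})),
    Fix(frozenset({"B"}), introduces=(Issue("E", "medium", direct=False, reachable=False),)),
]
```

With this sample, four issues funnel down to a single reachable severe one, and applying both fixes moves the status from critical to medium because the second fix brings in a new medium issue.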
Visibility
The Visibility section allows users to get insights into the monitoring status of repositories and dependencies.
Repository Monitoring
A visually intuitive pie chart illustrates the distribution of monitored repositories and unmonitored repositories:
- Monitored Repositories: Represents repositories actively under monitoring.
- Unmonitored Repositories: Indicates repositories not currently under monitoring, signaling that attention is needed to extend coverage.
Dependency Monitoring
Similar to repository monitoring, this pie chart offers insights into the monitoring status of dependencies:
- Monitored Dependencies: Represents dependencies actively monitored for vulnerabilities.
- Unmonitored Dependencies: Highlights dependencies not currently under monitoring, signaling potential blind spots in security coverage.
Out-of-Date Dependencies
This indicator lists outdated dependencies, which may pose security risks and warrant prompt attention to mitigate vulnerabilities.
Language Meter
In addition to the detailed breakdown of issues by code language, the dashboard features a Language Meter, providing users with a visual representation of the distribution of programming languages used across their repositories. This feature enhances understanding of the technology stack employed within the software projects and aids in identifying languages that may require closer scrutiny in terms of security vulnerabilities.