Organization Report

Modified on Wed, 4 Sep, 2024 at 9:53 PM

Select Reports in the navigation bar and choose “Organization Report” from the dropdown. 


The Organization Report in CloudDefense provides a comprehensive overview of your organization's security posture, helping you identify critical risks, understand trends, and prioritize remediation efforts. This report includes the following sections:


  • Summary Report

  • Top Vulnerabilities Applications

  • Top Vulnerabilities by Scan

  • Percentage of Scans by Language

  • OWASP Top 10

  • OWASP Top 10 Category

  • Secrets

  • SANS Top

  • SANS Top Category

  • Severity Over Time

  • Teams by Vulnerability

  • Vulnerabilities by Ageing

  • Top 10 Applications

  • Suppressed Rules


You can change the organization you're viewing by selecting it from the dropdown menu at the top of the screen.



Summary Report


The Summary Report provides a high-level view of your organization's security status, showing counts of suppressed rules, total applications scanned, Super Admins, Team Admins, and App Users. This summary helps you understand the overall security landscape of your organization.



Top Vulnerabilities Applications


The Top Vulnerabilities Applications section displays the distribution of vulnerabilities across CRITICAL, HIGH, MEDIUM, and LOW levels. The total number of vulnerabilities is displayed on the left end of the bar. The image below offers a clear picture of which applications have the most significant security risks.



Top Vulnerabilities by Scan


In the Top Vulnerabilities by Scan section, you can see a bar chart illustrating the distribution of vulnerabilities by scan type. The types include SCA, API, SAST, Container, and DAST, and the total number of scans is shown on the left end of the bar.



Percentage of Scans by Language


The Percentage of Scans by Language section reveals the distribution of programming languages used in your applications. It covers various languages and displays a bar chart that helps you understand your application's tech stack.




Knowing which programming languages are used most frequently in your organization's applications allows you to tailor your security strategies accordingly.



OWASP Top 10


The OWASP Top 10 section features a pie chart distribution of the most critical security risks, as outlined in the OWASP Top 10. This globally recognized standard helps developers and security teams understand and address the most critical security vulnerabilities.




Understanding the OWASP Top 10 vulnerabilities present in your applications helps you follow industry best practices and reduce your risk by prioritizing remediation for these critical issues.



OWASP Top 10 Category


The OWASP Top 10 Category section breaks down the vulnerabilities into individual horizontal bar graphs, each showing the distribution of CRITICAL, HIGH, MEDIUM, and LOW vulnerabilities within the respective categories.



Secrets


The Secrets section presents a pie chart that shows the percentage distribution of different types of secrets detected in your application scans. This includes various tokens, access IDs, API keys, and other sensitive information.



Detecting secrets like tokens and API keys in your source code is critical to preventing data breaches. This report helps you identify and remediate exposed secrets quickly.



SANS Top


The SANS Top section features a bar chart that displays the percentage distribution of all SANS counts detected in the application scans. It provides valuable insights into how your organization fares against the most dangerous software weaknesses.




By understanding which SANS categories are most prevalent, you can align your development and security practices with the latest recommendations.



SANS Top Category


The SANS Top Category section provides a structure similar to the OWASP Top 10 Category, with horizontal bar graphs displaying the distribution of vulnerabilities across CRITICAL, HIGH, MEDIUM, and LOW levels within each SANS category.




Severity Over Time


The Severity Over Time section shows a timeline of the number of vulnerabilities resolved over time. It features a curve that indicates how many CRITICAL, HIGH, MEDIUM, and LOW vulnerabilities have been resolved, helping you understand the remediation progress.




By analyzing the remediation progress, you can measure the efficiency of your security team and identify potential areas for improvement.



Teams by Vulnerability


The Teams by Vulnerability section presents horizontal bar graphs that show the number of vulnerabilities across different teams. Each graph illustrates the number of CRITICAL, HIGH, MEDIUM, and LOW vulnerabilities.




This section enables managers to identify which teams are most affected by vulnerabilities, ensuring appropriate resource allocation for remediation efforts.



Vulnerabilities by Ageing


The Vulnerabilities by Ageing section displays the age of vulnerabilities since they were first detected, grouped in days. The vertical bars stack CRITICAL, HIGH, MEDIUM, and LOW vulnerabilities, helping you identify aging security risks.



Aging vulnerabilities pose a significant risk to the organization. Understanding their age helps prioritize remediation efforts for the most critical, long-standing issues.



Top 10 Applications


The Top 10 Applications section ranks the top 10 applications based on their total findings. This ranking gives you a quick overview of which applications require immediate attention.




By addressing the vulnerabilities in these top 10 applications, your organization can significantly improve its security posture.


Suppressed Rules


The Suppressed Rules section provides a list of rules that have been placed on the allowed list and are suppressed for a given timeline. It displays their severity, language, and names.



This section helps you keep track of which rules have been suppressed, ensuring that non-critical issues are properly managed while still maintaining a secure development environment.
