The dashboard allows you to get a clear overview of all vulnerabilities present in your organization. You find the dashboard under the "Overview" tab in the left sidebar.
Here you can see historical data for the number of vulnerabilities in a specific repo/branch or across all repos, in the form of a graph. You can also choose what time interval to look at. The currently supported intervals are last week, last two weeks, and previous month. From the API, you can freely choose the duration you want data for e.g. 3 days or 15 months etc. For the time prior to our first snapshot, the data will be padded with 0 values.
# All repo view
The “all repo” view shows all vulnerabilities, as the sum of the default branches in all repositories, grouped by severity. Due to limitations, we might not always be able to identify the default branch. For GitLab users, we should always be able to find your default branch, whereas for other users, we can only guarantee that we find your default branch if the branch name is either master or main. We will still make an effort to correctly identify your default branch outside these cases. This effort consists of looking for the branch with the most activity as it is assumed that, at least over time, this is the most interesting branch to look at.
In order to easily present this overview data, we create snapshots of the state of our users' repositories periodically. These snapshots contain the number of unknown- ,low- ,high- , and critical-severity vulnerabilities in a given repository. This evaluation is based on CVSS scores, where CVSS3 always takes precedence over CVSS2. Unknown severity occurs when a vulnerability does not have a CVSS score.
These snapshots are created once per day and are updated upon each successful scan of a repository. Do note that only snapshots coupled to the branch(es) being scanned will be updated. Further, a snapshot does not keep track of what vulnerabilities were in the repo, only how many.
We periodically prune our snapshots to limit the amount of data we store. We keep every Sunday's snapshot indefinitely, but the snapshot taken every other day is only retained for one month. As such, the resolution of the graph found in the dashboard will be drastically reduced for data older than one month.