Dashboard
The dashboard is the first thing you see when you log into Mayo ASPM. It provides a real-time snapshot of your organization's security posture — key metrics, severity trends, scan health, and the projects that need the most attention.
Overview
The dashboard is organized into three sections:
- Metric cards — five top-level numbers across the top.
- Charts — visual breakdowns of severity and status distributions.
- Top projects — a ranked list of projects with the most open findings.
All data updates in real time. When a scan completes or a finding is triaged, the dashboard reflects the change immediately.
Metric cards
Five cards span the top of the dashboard. Each shows a single key number with context.
Total Findings
| | |
|---|---|
| What it shows | The total number of open findings across all assets in your organization. |
| Why it matters | This is your headline number. A rising count means new vulnerabilities are being introduced faster than they are being resolved. A falling count means your team is making progress. |
| Click action | Navigates to the Findings page with no filters (all open findings). |
Only open findings
This card counts findings with status Open or Confirmed. Findings marked as Resolved, False Positive, or Accepted Risk are excluded. This gives you an actionable number — things that still need attention.
Open Critical
| | |
|---|---|
| What it shows | The number of open findings with Critical severity. |
| Why it matters | Critical findings represent the highest risk — remote code execution, exposed secrets, authentication bypass. This number should ideally be zero. Any non-zero value deserves immediate attention. |
| Click action | Navigates to the Findings page filtered to Critical severity + Open status. |
Critical findings demand urgency
If this number is above zero, treat it as a priority. Critical findings represent vulnerabilities that are actively exploitable with severe impact. Review them before moving to anything else.
Total Scans
| | |
|---|---|
| What it shows | The total number of scans that have been executed across your organization (all time or within the selected date range). |
| Why it matters | Scan volume indicates how actively your organization is monitoring for vulnerabilities. Low scan counts may indicate that scanning is not yet a habit. |
| Click action | Navigates to the Scans page showing all scan history. |
Scan Success Rate
| | |
|---|---|
| What it shows | The percentage of scans that completed successfully (as opposed to failing). |
| Why it matters | A low success rate means something is wrong — repositories may have access issues, scanners may be timing out, or branches may be misconfigured. Anything below 95% warrants investigation. |
| Click action | Navigates to the Scans page filtered to failed scans. |
Investigate failures early
Failed scans are silent blind spots. If a scan fails, that repository is not being monitored. Check the failed scan logs for error details and fix the issue.
Scanner Capacity
| | |
|---|---|
| What it shows | Current scanner utilization: how many scan slots are in use versus the total available for your tier. |
| Why it matters | If you are consistently at or near capacity, scans will queue for longer before starting. This is a signal to optimize scan schedules or consider upgrading your tier. |
| Click action | Navigates to the Scans page showing the current queue. |
Charts
Below the metric cards, two interactive charts visualize your finding data.
Severity Donut Chart
A donut (ring) chart that breaks down all open findings by severity level.
| Segment | Color | Description |
|---|---|---|
| Critical | Red | Findings requiring immediate action. |
| High | Orange | Findings that should be addressed within days. |
| Medium | Yellow | Findings for your normal sprint cycle. |
| Low | Blue | Low-priority findings to address when convenient. |
| Info | Gray | Informational findings for awareness. |
Interacting with the chart:
- Hover over a segment to see the exact count and percentage.
- Click a segment to navigate to the Findings page filtered to that severity.
- The center number shows the total count of all open findings.
Use the donut to spot imbalance
A healthy security posture should show most findings in the Medium and Low segments. If Critical and High dominate the chart, your team needs to prioritize remediation. If the chart is almost entirely Info, you might need to adjust scanner sensitivity or add more targeted rule sets.
Status Bar Chart
A horizontal stacked bar chart showing the distribution of findings by triage status.
| Status | Color | Description |
|---|---|---|
| Open | Light gray | Untriaged findings — the backlog. |
| Confirmed | Orange | Verified issues awaiting a fix. |
| Accepted Risk | Blue | Issues the team has decided to accept. |
| Resolved | Green | Fixed issues. |
| False Positive | Dark gray | Scanner errors — not real issues. |
Interacting with the chart:
- Hover over a segment to see counts.
- Click a segment to navigate to the Findings page filtered to that status.
What the status distribution tells you
A large "Open" segment means the triage queue is building up. A large "Accepted Risk" segment may indicate that scanner noise is high and that policies could help filter it. A growing "Resolved" segment is a healthy sign: your team is fixing things.
Top projects table
Below the charts, a table lists the projects with the most open findings, ranked from highest to lowest.
| Column | Description |
|---|---|
| Project name | The project (click to navigate to the project detail page). |
| Total findings | Open findings across all assets in the project. |
| Critical | Count of Critical-severity open findings. |
| High | Count of High-severity open findings. |
| Assets | Number of repositories in the project. |
| Last scanned | When the most recent scan was run on any asset in the project. |
This table surfaces which parts of your organization have the most risk. Use it to prioritize which teams or applications need attention.
Drill down from the table
Click any project row to see that project's detail page, which shows the same metrics scoped to just that project's assets and findings.
Date range filter
The dashboard supports a date range selector in the top-right corner. This controls the time window for the metrics:
| Option | Behavior |
|---|---|
| Last 7 days | Shows findings first seen and scans run in the last 7 days. |
| Last 30 days | Default view. Covers the last month of activity. |
| Last 90 days | Quarterly view for trend analysis. |
| Custom range | Pick specific start and end dates. |
The Total Findings card is always current
The Total Findings card always shows the current count of open findings, regardless of the date range. The date range primarily affects the Total Scans, Scan Success Rate, and the trend indicators on each card.
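As an added example (not Mayo ASPM code and not an API of the product), this Python example recomputes four of the cards from constructed records, so the numbers on the dashboard can be cross-checked against the rules described above. The record fields, the function names, and the choice to count Confirmed findings toward Open Critical are assumptions.

```python
from datetime import date, timedelta

# Constructed sample records; the field names are assumptions, not a Mayo ASPM schema.
FINDINGS = [
    {"severity": "Critical", "status": "Open"},
    {"severity": "Critical", "status": "Resolved"},
    {"severity": "High", "status": "Confirmed"},
    {"severity": "Medium", "status": "Accepted Risk"},
    {"severity": "Low", "status": "False Positive"},
    {"severity": "Medium", "status": "Open"},
]
SCANS = [
    {"day": date(2024, 5, 30), "ok": True},
    {"day": date(2024, 5, 29), "ok": False},
    {"day": date(2024, 5, 20), "ok": True},
    {"day": date(2024, 3, 1), "ok": False},
]
ACTIONABLE = {"Open", "Confirmed"}  # statuses the Total Findings card counts


def card_values(findings, scans, today, window_days=30):
    """Recompute Total Findings, Open Critical, Total Scans and Scan Success Rate."""
    open_findings = [f for f in findings if f["status"] in ACTIONABLE]
    # The date range limits scans only; Total Findings is always the current count.
    start = today - timedelta(days=window_days)
    in_window = [s for s in scans if start <= s["day"] <= today]
    # With no scans in the window there is no rate to report, so avoid dividing by zero.
    rate = 100.0 * sum(s["ok"] for s in in_window) / len(in_window) if in_window else None
    return {
        "total_findings": len(open_findings),
        "open_critical": sum(f["severity"] == "Critical" for f in open_findings),
        "total_scans": len(in_window),
        "scan_success_rate": rate,
    }


def morning_check(cards, min_success=95.0):
    """Return the follow-ups that the page's thresholds call for."""
    todo = []
    if cards["open_critical"] > 0:
        todo.append("review open Critical findings")
    rate = cards["scan_success_rate"]
    if rate is None:
        todo.append("no scans in the selected range")
    elif rate < min_success:
        todo.append("investigate failed scans")
    return todo
```

Narrowing `window_days` from 30 to 7 changes the scan count and success rate but leaves `total_findings` untouched, which mirrors the date range behavior described above.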
How data updates
Dashboard data is real-time. No manual refresh is needed:
- When a scan completes, finding counts and charts update immediately.
- When a finding is triaged (status changed), the status bar chart and total counts update.
- When a new asset is added, it appears in the top projects table after its first scan.
The dashboard uses a live connection. If you leave the tab open, it stays current.
Common dashboard workflows
Morning security check
- Open the dashboard.
- Check Open Critical — if non-zero, click through and review each finding.
- Check Scan Success Rate — if below 95%, investigate failed scans.
- Review the Top projects table for any project with a sudden spike in findings.
Sprint planning
- Set the date range to your sprint length (e.g., last 14 days).
- Look at the status bar chart — how much of the Open backlog was moved to Confirmed or Resolved?
- Review the Top projects table to decide where to focus the next sprint.
Executive reporting
- Set the date range to Last 90 days or a custom quarter.
- Screenshot or note the Total Findings trend (is it going down?).
- Use the severity donut to show the risk distribution.
- Highlight any Critical findings that remain open.
Dashboard best practices
- Check the dashboard daily. It takes 30 seconds and surfaces problems early.
- Use Open Critical as your alarm. It should be zero. If it is not, find out why.
- Track Scan Success Rate. Failed scans are invisible risks.
- Review top projects weekly. Ensure no project is accumulating findings without anyone noticing.