Dashboard Guide
The Plexicus dashboard is your command center for security posture visibility and remediation tracking. This guide explains every widget, metric, and filter so you can make data-driven security decisions.
Dashboard Overview
The main dashboard displays a curated set of widgets that give you immediate insight into:
- Security value delivered: How much time and risk Plexicus has saved your organization
- Findings status: Total findings, severity distribution, and triage funnel
- Remediation velocity: How fast your team is fixing vulnerabilities (MTTR)
- Compliance alignment: Coverage against industry standards (OWASP Top 10, CI/CD)
- Supply chain health: Dependency and infrastructure risk
All widgets respect your Date Range and Repository filters, so you can focus on specific teams, time periods, or projects.
Your Value Widget
What it measures: The quantified security value delivered by Plexicus, calculated as developer time saved and risk reduction.
The Your value widget displays four key metrics:
Saved
Metric: Estimated dollar value of developer time recovered from faster remediation.
How it's calculated:
- Plexicus benchmark: 12 minutes to remediate a vulnerability (end-to-end)
- Industry benchmark: 239 minutes (4 hours) per vulnerability
- Time saved per fix: 227 minutes (~3.78 developer-hours)
- Dollar value: Time saved × Developer hourly rate (configurable)
Example: If your team fixed 50 vulnerabilities this month and your hourly rate is €50/hour, the saved value is roughly €9,450.
Action: Use this metric in budget planning, executive reporting, and justifying security investment.
Time Returned
Metric: Aggregate developer-hours recovered from faster remediation this period.
Calculated by counting fixes and applying the 3.78-hour benchmark per finding.
Action: Track team velocity and capacity gained. If your team has time available, this shows potential for additional scans or initiatives.
Faster than Industry
Metric: Speed multiplier—how many times faster Plexicus remediation is vs. industry average.
For example, 3.1× means Plexicus teams remediate 3.1 times faster than the industry standard.
Important note: These are benchmarks, not measured values for your specific environment. Actual speed depends on your codebase complexity, team size, and automation maturity.
Action: Use this in competitive positioning and stakeholder communication.
Estimated Potential Savings
Metric: Projected savings if all currently open findings are remediated within this period.
Based on: Open finding count × Benchmark time saved per finding × Your hourly rate.
Action: Understand the value of closing the backlog. If this number is high, prioritize remediation campaigns.
Configuring ROI
Click Configure (gear icon) to adjust:
- Developer Hourly Rate: Your organization's loaded engineering cost. Default: €50/hour. Change this to match your region, seniority, or actual burdened labor cost.
- Currency: Display all financial metrics in your preferred currency (EUR, USD, GBP, etc.).
Changes apply immediately to all displayed metrics. Rates are stored per-user, so team members can see ROI in their own context.
Selecting Time Period
Use the period selector (7d, 30d, 90d, All) to view ROI over different horizons:
- 7d: This week's value (good for sprint planning)
- 30d: This month's value (standard business period)
- 90d: This quarter's value (executive reporting)
- All: All-time cumulative value (maximum impact story)
Findings Report Widget
What it measures: Trend of findings discovered and remediated over time.
This line chart shows the count of findings (y-axis) by date (x-axis) over your selected period. The chart helps you understand:
- Discovery rate: How many new findings appear as you scan
- Remediation velocity: How quickly findings are closed
- Backlog growth/shrinkage: Whether you're outpacing fixes or falling behind
Filtering the Report
Date Range: Use the calendar picker to zoom into any period (default: last 7 days).
Repositories: Select one or more repositories to isolate findings from specific teams or projects. Multi-select allows comparing across teams. Leave empty to show all repositories.
Interpreting the Trend
- Steep upward slope: High discovery rate (lots of scans, new code, or new scanners enabled). Indicates findings backlog growth.
- Downward slope: Findings are being closed faster than new ones appear. Healthy trend.
- Flat or wavy: Steady-state backlog. New discoveries roughly match remediation rate.
- Sudden spike: Often indicates a new scan, re-baseline, or new scanner bundle activated. Check scan logs if unexpected.
Exporting Data
If enabled by your admin, the report can be exported as CSV or JSON for custom analysis in BI tools or dashboards.
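The trend readings under "Interpreting the Trend" can be reproduced offline from exported findings. The sketch below is an added example, not Plexicus code: the `discovered` and `resolved` field names, the sample records, and the flat/spike thresholds are all assumptions, so map them to the columns your export actually contains.

```python
from collections import Counter
from datetime import date, timedelta
from statistics import median

def daily_series(findings, start, end):
    """Return [(day, newly_discovered, open_backlog_at_end_of_day)] for the window."""
    rows = [(date.fromisoformat(f["discovered"]),
             date.fromisoformat(f["resolved"]) if f.get("resolved") else None)
            for f in findings]
    new = Counter(d for d, _ in rows)
    closed = Counter(r for _, r in rows if r)
    # Backlog carried into the window: found before it, not closed before it.
    backlog = sum(1 for d, r in rows if d < start and (r is None or r >= start))
    series, day = [], start
    while day <= end:
        backlog += new[day] - closed[day]
        series.append((day, new[day], backlog))
        day += timedelta(days=1)
    return series

def classify_trend(series, flat_tolerance=0.10):
    """Compare closing backlog with opening backlog (tolerance is an assumption)."""
    first, last = series[0][2], series[-1][2]
    if abs(last - first) <= flat_tolerance * max(first, 1):
        return "flat"
    return "growing" if last > first else "shrinking"

def spike_days(series, factor=3.0, min_new=5):
    """Days whose discoveries exceed factor x the window median (assumed thresholds)."""
    baseline = max(median(n for _, n, _ in series), 1)
    return [d for d, n, _ in series if n >= min_new and n > factor * baseline]

def analyze(findings, start_iso, end_iso):
    series = daily_series(findings, date.fromisoformat(start_iso),
                          date.fromisoformat(end_iso))
    return {"trend": classify_trend(series),
            "closing_backlog": series[-1][2],
            "spikes": [d.isoformat() for d in spike_days(series)]}

# Constructed sample records; the field names are assumed, not the real export schema.
def _f(discovered, resolved=None):
    return {"discovered": discovered, "resolved": resolved}

SAMPLE = ([_f("2024-03-01")] * 4 + [_f("2024-03-04", "2024-03-06")] * 2
          + [_f("2024-03-05")] + [_f("2024-03-07")] * 12
          + [_f("2024-03-08", "2024-03-09")] * 2)

if __name__ == "__main__":
    print(analyze(SAMPLE, "2024-03-04", "2024-03-10"))
```

A flagged spike day is the date to carry into the "Debug a Sudden Spike in Findings" checklist: compare it against repository connections, scan schedule changes, and scanner bundle activations.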
Total Findings Widget
What it measures: Severity distribution and triage funnel of all findings.
This widget combines two views:
Triage Funnel (Left Side)
Shows findings by state:
- Discovered: New findings awaiting triage (typically the widest bar—all findings start here)
- Reviewed: Findings reviewed but not yet actioned
- In Remediation: Findings with active fixes in progress (PR open, ticket assigned)
- Resolved: Findings marked as mitigated, false positive, or won't-fix
Healthy funnel: Each bar is narrower as you move right. A backlog at "Discovered" means triaging is slow; a backlog at "In Remediation" means fixes are delayed.
Action: Use the findings list (from the navigation) to drill into specific stages and assign work.
Severity Donut (Right Side)
Shows findings by severity level:
- Critical (red): Immediate risk. Remediate within days.
- High (orange): Significant risk. Remediate within 1–2 weeks.
- Medium (yellow): Moderate risk. Remediate within 1–2 months.
- Low (blue): Low risk. Remediate as capacity allows or batch remediate.
Hover over the donut to see exact counts per severity.
Action: If the count of Critical findings is high, escalate to leadership. If Medium/Low findings are stalled, plan a remediation sprint.
Filtering
Date Range and Repository filters apply here. Dates filter findings by discovery date (when first found), not current date.
OWASP Top 10 Widget
What it measures: Findings categorized by OWASP Top 10 vulnerability types.
The OWASP Top 10 is an industry-standard ranking of the most critical web application security risks (A01:2021 – Broken Access Control, A02:2021 – Cryptographic Failures, etc.).
This widget shows:
- Count of findings per OWASP category
- Most dangerous categories (tallest bars get your attention first)
- Trend of risk distribution across your codebase
Action:
- If certain OWASP categories are high, consider:
  - Is your codebase particularly vulnerable in that area?
  - Do you need security training on that topic?
  - Can you implement a preventive control (e.g., input validation library, secrets manager)?
- Use OWASP mappings in compliance reports (PCI DSS, NIST 800-53) that reference these categories.
OWASP CI/CD Top 10 Widget
What it measures: Findings categorized by OWASP CI/CD Top 10 risks (C01–C10).
The CI/CD Top 10 extends OWASP to pipeline security, covering risks like insecure artifact delivery, insufficient logging, and inadequate supply chain controls.
Examples:
- C02: Insufficient Logging and Monitoring
- C05: Insecure Supply Chain Configuration
- C08: Insufficient Property Validation
This widget shows findings mapped to CI/CD risks, helping you understand pipeline-specific vulnerabilities.
Action: Use this to prioritize pipeline hardening initiatives and communicate CI/CD risk to ops/platform teams.
Supply Chain Widget
What it measures: Health and risk of your software supply chain (dependencies, container images, artifacts).
This widget displays supply chain visibility data:
- SLSA Framework level: Integrity of your build and release process
- Dependency freshness: Age of direct and transitive dependencies
- Artifact provenance: Whether builds are signed and traceable
- Vulnerability inheritance: Risky dependencies being used
Action:
- If SLSA level is low, increase supply chain controls (signed artifacts, build logs, provenance tracking).
- If many dependencies are outdated, schedule a dependency update sprint.
- If the number of vulnerable dependencies is high, prioritize patch management.
Filters & Date Range
All dashboard widgets respect the same filters, so you can slice data consistently:
Date Range Picker
Click Filter Date Range to select a custom window:
- Preset ranges: 7d (default), 30d, 90d, All-time
- Custom range: Pick any start and end date
What it filters:
- Findings Report: Discovery dates within range
- Total Findings: Findings discovered in range (triage state is current)
- ROI metrics: Value delivered within range
- Other widgets: Chart data within range
Default: Last 7 days (rolling window, updated daily)
Repository Filter
Click Filter Repository to select one or more repositories:
- Displays a searchable list of connected repositories
- Select multiple to compare across teams
- Leave empty to show all repositories
- Selection persists until cleared
What it filters: All widgets show data only for selected repositories.
Use case: Run separate dashboards for each team (filter to team repos) or for each product area (filter to related repos).
Clearing Filters
Click Clear filters to reset Date Range to 7d and Repository to all.
Persona Tabs (Coming Soon)
Dashboard persona tabs are coming in an upcoming release. This section will be updated when they ship.
When launched, the dashboard will feature role-based views optimized for different personas:
- CISO Tab: Executive dashboards, risk scoring, compliance posture, top risky repos
- DevSecOps Tab: Remediation velocity, MTTR, pipeline health, scanner coverage
- Compliance Tab: Framework compliance status, control evidence, audit trails
- Developer Tab: My findings, code review integration, quick-fix suggestions
- Custom Tab: Build your own dashboard with drag-and-drop widgets
Each tab will have pre-built layouts optimized for that role, with the ability to customize further.
Common Dashboard Tasks
Monitor Weekly Progress
- Set Date Range to 7d (this week).
- Filter to your team's repositories.
- Check Findings Report for discovery trend.
- Check Total Findings funnel to see if findings are being triaged.
- Check ROI to quantify value delivered this week.
Plan a Remediation Sprint
- Set Date Range to 30d (sprint window).
- Check Total Findings severity donut for Critical + High count.
- If count > team capacity, create an epic in your ticket system.
- Use AI Remediation to auto-generate fixes.
- Re-scan after merge to verify fixes and track MTTR.
Report to Leadership
- Set Date Range to 90d (quarterly).
- Screenshot the ROI widget (Saved, Time Returned, Faster than Industry).
- Capture OWASP Top 10 to show compliance progress.
- Mention your plan tier and AI Credits used for context.
- Use findings export to provide detailed audit trail if needed.
Debug a Sudden Spike in Findings
- Note the spike date in Findings Report.
- Check if a new repository was connected or scan schedule changed.
- Check if a new scanner bundle was enabled.
- Filter to the affected repository and Date Range around the spike.
- Review actual findings to confirm they are legitimate (not false positives).
Troubleshooting
Widgets Show "No data yet"
Cause: No scans have completed for the selected repository and date range.
Resolution:
- Check if repositories are connected (see Applications).
- Run a manual scan: Go to Repositories > select asset > Scan Now.
- Wait for scan to complete (typically 5–30 minutes depending on codebase size).
- Return to dashboard; widgets refresh automatically.
Findings Report Chart Is Flat
Cause: No new findings in the selected period, or repository has no active scans.
Resolution:
- Extend the Date Range to All to see historical trend.
- Check if scans are running on schedule (go to settings).
- If intentional (backlog is empty), celebrate—your team is on top of it.
ROI Shows Zero Value
Cause: No findings have been remediated in the selected period.
Resolution:
- Extend Date Range to 90d to see if value appears over longer horizon.
- If no remediations at all, check team workload or prioritize remediation work.
- Ensure scans are enabled and findings are being discovered (check Findings Report).
Cannot See Specific Repository in Filter
Cause: Repository is not connected, or user lacks permission.
Resolution:
- Check Applications to confirm repository is connected.
- Verify your role has permission to view findings (see Roles & RBAC).
- Ask an admin to grant access or reconnect the repository.
Next Steps
- Understand findings in detail? See Findings & Triage to learn filtering, assignment, and marking workflows.
- Automate fixes? Read AI Remediation to generate and verify pull request-based fixes.
- Track compliance? See Compliance Frameworks to map findings to industry standards.
- Export data? Use the dashboard export function (if enabled) or contact your admin to access the API for custom reporting.