Purpose
The metric shows the number of security vulnerabilities in the application code.
How metric helps
An application vulnerability is a system flaw or weakness in an application that could be exploited to compromise the security of the application. Once an attacker has found a flaw and determined how to access it, the attacker has the potential to exploit the application vulnerability to facilitate a cyber crime. Such crimes target the confidentiality, integrity, or availability of resources possessed by an application, its creators, and its users. Attackers typically rely on specific tools or methods to perform application vulnerability discovery and compromise. Examples of security vulnerabilities include SQL injection, cross-site scripting (XSS), credentials leakage, sensitive data exposure, broken authentication and session management, and more. With the help of the metric it becomes possible to find weaknesses in code that can potentially lead to serious security issues and to react to them in a timely manner.
How it works
Chart Overview
The chart plots the number of security vulnerabilities (Y axis, counted in items) over time (X axis). Security vulnerabilities are summed by sub-type, and each sub-type is listed in the chart legend; clicking a sub-type shows or hides its series on the chart.
Calculation Formula
The metric is calculated as the number of vulnerability issues in the code.
RAG thresholds: Red > 20, Amber > 10, otherwise Green.
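As an added worked example (not part of the original metric page), the following shows how the count, the per-sub-type series and the RAG status can be derived from Sonar-style issue records; the record layout, the constructed sample data and the "category" field used as the sub-type are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of Sonar-style issue records (not real project data); the
# "category" field stands in for the vulnerability sub-type shown in the chart legend.
ISSUES = [
    {"type": "VULNERABILITY", "category": "SQL injection", "creationDate": "2024-01-08T10:00:00+0000"},
    {"type": "VULNERABILITY", "category": "XSS", "creationDate": "2024-01-15T10:00:00+0000"},
    {"type": "BUG", "category": "Null pointer", "creationDate": "2024-01-16T10:00:00+0000"},
    {"type": "CODE_SMELL", "category": "Unused import", "creationDate": "2024-02-01T10:00:00+0000"},
] + [
    # twelve constructed XSS findings in February, enough to push that month past the Amber threshold
    {"type": "VULNERABILITY", "category": "XSS", "creationDate": f"2024-02-{d:02d}T10:00:00+0000"}
    for d in range(1, 13)
]


def rag_status(count: int) -> str:
    """Map a vulnerability count to RAG: Red > 20, Amber > 10, otherwise Green.

    The thresholds are strict, so exactly 10 is Green and exactly 20 is Amber.
    """
    if count > 20:
        return "Red"
    if count > 10:
        return "Amber"
    return "Green"


def count_by_month(issues):
    """Return {month: {sub_type: count}} counting only VULNERABILITY records.

    Bugs and code smells are excluded because the metric counts vulnerabilities only.
    """
    series = defaultdict(lambda: defaultdict(int))
    for issue in issues:
        if issue.get("type") != "VULNERABILITY":
            continue
        created = datetime.strptime(issue["creationDate"], "%Y-%m-%dT%H:%M:%S%z")
        series[created.strftime("%Y-%m")][issue["category"]] += 1
    return {month: dict(counts) for month, counts in series.items()}


def monthly_totals(issues):
    """Return {month: (metric value, RAG colour)}: the chart's Y value and its RAG status per period."""
    result = {}
    for month, counts in count_by_month(issues).items():
        total = sum(counts.values())
        result[month] = (total, rag_status(total))
    return result
```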
Data Source
Data for the metric can be collected from Sonar or any other project tracking/engineering tool.