Projects
To manage projects, navigate to the Projects tab (fig. 4.5). All projects are displayed as a list with brief statistics.
Figure 4.5: Projects
For each project, the following information is displayed:
- logo, project name and author (the user who imported the project), and project ID (the first six characters of the project UUID)
Figure 4.6: Name
- latest scan status
Figure 4.7: Status
- actions menu:
- Copy Project UUID
- New Scan
- Configure Project
- Add to Group
- Archive Project
Figure 4.8: Actions
- add to Favorite projects button
Figure 4.9: Actions
- latest scan date and time
Figure 4.10: Scan time
- analyzed languages
Figure 4.11: Type
- number of lines of code in the project
Figure 4.12: Lines of code
- critical, medium, low, info-level vulnerabilities, and the total number of vulnerabilities
Figure 4.13: Number of vulnerabilities
- app security score
Figure 4.14: Score
Security Score
In DerScanner, vulnerabilities are divided by their severity level: critical, medium, low and info.
- Critical vulnerabilities are highly likely to compromise sensitive data and system integrity.
- Medium level vulnerabilities are less likely to compromise confidential data and system integrity, or constitute less serious security breaches.
- Low level vulnerabilities can be a potential security threat.
- Info level vulnerabilities signal a violation of good programming practices.
The app security score is calculated on a scale from 0 to 5 based on the number of critical and medium-level vulnerabilities. Critical vulnerabilities have a greater impact than medium-level vulnerabilities and are taken into account irrespective of the total number of lines of code. The impact of medium-level vulnerabilities is calculated from their ratio to the total number of lines of source code.
Navigation
To navigate to a specific project, click the project name in the list. For more information on project management see Managing a project.
You can sort projects by name, latest scan status, date, or rating. To do this, click a respective header. Click again to reverse the sorting order (fig. 4.15).
Figure 4.15: Sort by name
For easy navigation, use the search bar and filters (fig. 4.16). To set up filters, click the filters icon and specify one or more parameters:
- Scan status: select scan statuses from the list
- Last updated: specify time interval
- Languages: choose one or more programming languages
- Score: specify a range for the project’s latest security score
- Number of vulnerabilities for each severity level: specify ranges for critical, medium, low, and info-level vulnerabilities
- Contained in a projects group
Figure 4.16: Project filters
To apply filter settings, click Apply. The total number of projects that satisfy the filtering criteria is displayed on the right, along with the Reset button.
To hide unnecessary projects, use the archive. Archived projects are stored in the system but unavailable for interaction. Click Archive Project to add a project to the archive. You can access it later by clicking Show Archive.
Scan Queue
On the Scan Queue tab, you can manage the execution priority of active scans. DerScanner supports 4 priority levels — Low, Medium, High, and Exclusive. By default, scans are launched with Medium priority.
A list of all active scans provides the following information about each scan:
- project name (click to go to the Overview of the project)
- scan (the first six characters of the scan UUID, and the scan author)
- creation date
- scan status
- priority
Sorting is supported for all of the parameters. By default, scans are sorted by priority. If multiple scans have the same priority, the first launched scan will be the first analyzed.
Note: priority adjustments apply only to scans in the queue and do not affect projects that are already being scanned.
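The ordering rules above (four priority levels, Medium by default, highest priority first, first launched first within a level, and no re-prioritization of a scan that is already running) as a small model. This is an added example written for this page, not DerScanner code; the scan IDs and project names are constructed placeholders.

```python
from dataclasses import dataclass

# Priority levels as named on the Scan Queue tab; a higher value is analyzed first.
PRIORITY = {"Low": 0, "Medium": 1, "High": 2, "Exclusive": 3}
DEFAULT_PRIORITY = "Medium"


@dataclass
class Scan:
    scan_id: str          # constructed placeholder, not a real scan UUID prefix
    project: str
    priority: str
    launched: int         # launch sequence number, used to break priority ties (FIFO)
    running: bool = False # once True, priority changes no longer apply


class ScanQueue:
    def __init__(self):
        self.scans = []
        self._seq = 0

    def launch(self, scan_id, project, priority=DEFAULT_PRIORITY):
        if priority not in PRIORITY:
            raise ValueError(f"unknown priority: {priority}")
        self._seq += 1
        scan = Scan(scan_id, project, priority, self._seq)
        self.scans.append(scan)
        return scan

    def set_priority(self, scan_id, priority):
        """Change a queued scan's priority; returns False if it is already being scanned."""
        if priority not in PRIORITY:
            raise ValueError(f"unknown priority: {priority}")
        scan = next(s for s in self.scans if s.scan_id == scan_id)
        if scan.running:
            return False
        scan.priority = priority
        return True

    def order(self):
        """Queued scan IDs in analysis order: highest priority first, then launch order."""
        queued = [s for s in self.scans if not s.running]
        queued.sort(key=lambda s: (-PRIORITY[s.priority], s.launched))
        return [s.scan_id for s in queued]

    def start_next(self):
        """Mark the head of the queue as running and return its ID (None if the queue is empty)."""
        head = self.order()
        if not head:
            return None
        scan = next(s for s in self.scans if s.scan_id == head[0])
        scan.running = True
        return scan.scan_id
```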