 Okay, so this is a quick overview of the group security dashboard. What it is in a nutshell is it is an overview of all of the vulnerabilities inside all of the projects inside a group. So in order to see it you will need a group and that group will need a project and that project will need some vulnerabilities. So here's one I prepared earlier. We've got groups and open source. See we've got one project inside this group and that project has some dummy vulnerabilities inside it. So on this group page we go over to the overview section of the sidebar. We have a security dashboard link and clicking that unsurprisingly takes us to the group security dashboard. Now as I said this is a group with one project with some dummy vulnerabilities inside it. So the data here, all the vulnerabilities have the same name and they all come from the same project. That's simply because it's dummy data. Let's not worry too much about that for now. When you've got an actual production environment with real vulnerabilities in real projects this will differ a lot more. But let's not get into that just yet. Let's start with the overview at the top. So what this basically is is it's pulled in all the vulnerabilities and it just tells you how many of them are critical. This is the severities, how many of them are critical, how many of them are high, how many of them are medium and how many are low. We also have unknown on the end here and there's a discussion around removing this so this may or may not be there in the final version. We're not entirely sure yet. But it's there for now. Let's just ignore it. And then moving slightly down the page you'll see we've got Sast here with 50 vulnerabilities inside it. Now when I said that we pulled in all the vulnerabilities there was a little white lie. We're actually only pulling in the vulnerabilities from the Sast scanning at the moment but the plan for the future is to add in the other scanners as we go along and have different tabs for them. But for now we've just put in this little tooltip that basically describes what I've just said. And again there's an issue around what this text actually says so that may change in the final version. So drilling down into the actual vulnerabilities you see that they are all sorted by the severity currently. So we've got all the critical ones at the top and then we move into the high. And then if we go on to the next page we've got medium, low, et cetera, et cetera, et cetera. And these are all paginated 10 per page with 50 vulnerabilities, five pages standard stuff. The information we have at first glance if we look at this second one here we have the critical severity. We have the name of the vulnerability, the project it came from, the confidence that the scanner has. And we have these three action buttons here. More info which unsurprisingly gives you more information on the vulnerability. New issue which creates an issue for that vulnerability. So a new issue that basically is like a placeholder that say we need to sort this vulnerability out and dismiss vulnerability that just basically says this vulnerability is not important. Let's dismiss it. If you've looked at vulnerabilities on the merge quest page or the jobs page or just the general reports for security vulnerabilities these actions and this information will be quite familiar to you. It does exactly the same things behind the scenes. In fact if I open up the more info model this is almost exactly the model you're used to seeing on them pages. So it brings in the description. We've got the project here as well because this is the first time you need to specify what project it's on. The file identifies all this stuff that's normally in the other models is there and you can dismiss a vulnerability and create an issue. Now I will show you what create an issue looks like from this model but creating an issue from down here or dismissing a vulnerability from down here is exactly the same as doing it from here but we'll do it from the model for now. So this goes off and it creates an issue and it says like the cipher does not provide it brings in the description, the severity, the confidence, a possible solution. All this lovely stuff drops in the description. If you have a new issue you're away and if we go back to the dashboard you'll see that this second one now matches the first one and it has a link. Now that is a link to the issue that we've just created. So if you have vulnerabilities with issues that are linked to them that's really visual and really obvious inside this list and you can just click on them and you can go and we go back to that issue that we've created and see what's going on with it. You'll also notice that the new issue button has gone from these because we can no longer create a new issue inside the model new issue changes to view issue. The other thing we can do is we can dismiss vulnerabilities. Tool tips are currently a bit buggy on the front end but that's an entirely separate issue. So we can dismiss them in line, dismiss a vulnerability and we can see the styling is updated so that there's a line through the title. This indicates that it's been dismissed. There is an issue in currently to change this styling because it's not super obvious that that's what's just happened. So again this will very likely look different in the release. But for now a line through means it's dismissed and we can see the dismiss button has changed to undo dismissal and we can just undo that and it's back to being a non-dismissed issue. And again dismissing them here goes away and it dismisses it properly so everywhere else where you can dismiss and vulnerabilities will pick that up. That really is about it for the dashboard. There's been some thought put into mobile views as well so you can see when you look at the smaller screen all this rearranges so that it looks a bit easier to read than it would be if it was all squished together and each vulnerability now gets its own little box that contains the severity of the vulnerability, the confidence and these actions. And again these actions work in exactly the same way as you would expect. So if you've just missed it we can undo dismissal etc etc So that is the security dashboard.