> For the complete documentation index, see [llms.txt](https://docs.interlynk.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.interlynk.io/product-guides/insights/analytics.md). # Analytics The Analytics dashboard provides organization-wide and product-level metrics for SBOM coverage, vulnerability posture, compliance status, and supply chain health. Use analytics to track trends, identify systemic risks, and report on security posture to stakeholders. *** ## Overview Analytics aggregate data across all Products, Environments, and Versions in your organization. Dashboards update automatically as new SBOMs are uploaded, vulnerabilities are discovered, and VEX dispositions are applied. Key capabilities: * **Organization-level metrics** — aggregate portfolio health, vulnerability trends, and compliance posture. * **Product-level metrics** — drill into individual Product health, vulnerability counts, and component statistics. * **Vulnerability trends** — track discovery rates, remediation progress, and severity distribution over time. * **Coverage metrics** — monitor SBOM coverage across your software portfolio. * **Compliance posture** — track compliance scores across Products and frameworks. ## Architecture ``` Analytics Engine ├── Organization Metrics │ ├── Total Products, Versions, Components │ ├── Vulnerability summary (by severity, VEX status) │ ├── SBOM format distribution │ ├── Compliance score averages │ └── Health score distribution │ ├── Product Metrics │ ├── Version count and upload frequency │ ├── Component count and dependency depth │ ├── Vulnerability count (by severity, VEX status) │ ├── Compliance score per Version │ └── Health score per Version │ └── Trend Analysis ├── Vulnerability discovery over time ├── Remediation rate ├── SBOM upload frequency └── Compliance score progression ``` *** ## Organization Dashboard The organization-level analytics dashboard provides a portfolio-wide view. ### Accessing the Dashboard 1. Navigate to the **Analytics** page in the main navigation. 2. The dashboard displays summary tiles and charts. ### Available Metrics | Metric | Description | | ----------------------------- | -------------------------------------------------------------------------------------------- | | **Total Products** | Number of active Products in the organization | | **Total Versions** | Number of SBOM Versions across all Products | | **Total Components** | Number of unique components across all SBOMs | | **Vulnerability Summary** | Count of vulnerabilities by severity (Critical, High, Medium, Low) | | **VEX Status Distribution** | Breakdown of vulnerability dispositions (Affected, Not Affected, Under Investigation, Fixed) | | **SBOM Format Distribution** | Proportion of CycloneDX vs. SPDX SBOMs | | **Compliance Score Average** | Mean compliance score across all Products | | **Health Score Distribution** | Distribution of component health scores across the portfolio | ### Vulnerability Trend Charts * **Discovery trend** — new vulnerabilities discovered per time period. * **Severity trend** — vulnerability count over time by severity level. * **Remediation trend** — rate of VEX status changes from "Under Investigation" or "Affected" to "Fixed" or "Not Affected." ### Filtering Filter the dashboard by: * **Time range** — last 7 days, 30 days, 90 days, or custom range. * **Product** — drill down to a specific Product. * **Environment** — filter by Environment (e.g., production only). * **Label** — filter by Product labels for cross-cutting views. *** ## Product-Level Metrics Each Product has its own analytics view accessible from the Product detail page. ### Accessing Product Metrics 1. Navigate to the **Products** page and select a Product. 2. Product-level metrics are displayed on the Product overview and can be accessed from the Environment dashboard. ### Available Product Metrics | Metric | Description | | ----------------------- | ---------------------------------------------- | | **Version Count** | Number of Versions in the selected Environment | | **Upload Frequency** | Rate of SBOM uploads over time | | **Component Count** | Total components in the latest Version | | **Dependency Depth** | Maximum depth of the dependency tree | | **Vulnerability Count** | Current vulnerabilities by severity | | **Compliance Score** | Latest compliance score for the Version | | **Health Score** | Component health score distribution | *** ## Vulnerability Analytics Vulnerability analytics provide detailed insight into your security posture. ### Severity Distribution View the breakdown of vulnerabilities by CVSS severity level across: * The entire organization * Individual Products * Specific Environments ### EPSS and KEV Correlation Identify high-risk vulnerabilities by correlating: * **High EPSS score** (likely to be exploited) with **Critical/High severity** — highest priority for remediation. * **KEV-listed** vulnerabilities — actively exploited in the wild. ### VEX Progress Tracking Track your organization's vulnerability triage progress: | Metric | Meaning | | ----------------------- | ------------------------------------------------------------------------------------ | | **Triage rate** | Percentage of vulnerabilities with a VEX status (any status other than unset) | | **Remediation rate** | Percentage of "Affected" vulnerabilities that have been moved to "Fixed" | | **Open critical count** | Number of Critical-severity vulnerabilities without "Fixed" or "Not Affected" status | *** ## Coverage Metrics Coverage metrics help you understand how complete your SBOM program is. | Metric | Description | | ----------------------------------- | -------------------------------------------------------------------------- | | **Products with active SBOMs** | Number of Products that have received an SBOM upload in the current period | | **Products without recent uploads** | Products with no SBOM upload in the last 30/90 days | | **Environment coverage** | Percentage of Environments with at least one SBOM Version | *** ## Compliance Analytics Track compliance posture across the organization. | Metric | Description | | ------------------------------ | ----------------------------------------------------------------- | | **Average compliance score** | Mean score across all Products for the selected framework | | **Products below threshold** | Number of Products with compliance scores below a defined minimum | | **Check failure distribution** | Most common compliance check failures across the portfolio | | **Compliance trend** | Score progression over time | ### Compliance Summary Dashboard Cards The main dashboard includes compliance summary cards that give a quick snapshot of your organization's compliance posture per framework — without navigating to a dedicated compliance view. Cards are visible when at least one compliance framework is enabled and compliance checks have run. Each card links through to the full compliance details view and supports a direct export action. *** ## Reporting and Export ### Dashboard Views Analytics data is available in visual dashboard form for real-time monitoring and stakeholder presentations. ### Executive Summary PDF Export Generate a branded PDF of the Executive Summary for sharing with leadership or including in audit packages: 1. Navigate to the **Analytics** page. 2. Open the **Executive Summary** section. 3. Click **Export PDF**. 4. The PDF is generated and downloaded immediately. The PDF includes a branded cover page, vulnerability summary, compliance posture, and product-level health metrics — formatted for non-technical audiences. ### Compliance Report Export Export a compliance report directly from the dashboard for a selected compliance framework: 1. Navigate to the **Analytics** page. 2. Locate the **Compliance** dashboard section. 3. Click the export action on the compliance card. 4. The report downloads as a formatted file showing compliance scores and check results across Products. ### Data Export Export vulnerability and compliance data for external reporting: ```bash # Export vulnerability data as CSV pylynk vulns --prod "my-backend-service" --env "production" \ --vuln-details --vex-details --output csv > vuln-report.csv # Export component data with support status pylynk download --prod "my-backend-service" --env "production" --ver "v1.2.0" \ --support-level-only --out-file support-report.csv ``` *** ## Impact of Disabled Products {% hint style="info" %} Disabled Products are excluded from analytics metrics and trend calculations. If you disable a Product, its vulnerability and compliance data will no longer contribute to organization-level dashboards. Re-enable the Product to restore its contribution. {% endhint %} *** ## Permission Matrix | Permission | Admin | Operator | Viewer | | --------------------------------------- | :---: | :------: | :----: | | View products (includes analytics data) | ✓ | ✓ | ✓ | | View SBOMs (includes metric data) | ✓ | ✓ | ✓ | Analytics is read-only. All roles with product visibility can view analytics data. For full permission details, see [Role Management](/administration/role-management.md). *** ## Security Warnings {% hint style="warning" %} **Analytics reflect only scanned data.** If vulnerability scanning or SBOM checks are disabled for some Products, analytics will underrepresent the true risk posture. Ensure scanning is enabled across all production Products for accurate metrics. {% endhint %} {% hint style="warning" %} **Disabled Products are excluded from metrics.** Disabling a Product removes its data from dashboards. If the Product still has active deployments, this creates a gap in visibility. {% endhint %} *** ## Common Misconfigurations | Issue | Symptom | Fix | | ---------------------------------------- | ----------------------------------- | ----------------------------------------------------------------------------------- | | No data on analytics dashboard | Dashboard shows zeros | Verify Products exist and have uploaded SBOMs with scanning enabled | | Vulnerability counts seem low | Fewer vulnerabilities than expected | Ensure "Run Vulnerability Scan" is enabled in Environment Settings for all Products | | Compliance scores not showing | No compliance data | Enable a compliance framework and "Run SBOM Checks" in Settings | | Trend data appears flat | No changes over time | Verify SBOMs are being uploaded regularly; trends require multiple data points | | Disabled Products missing from dashboard | Expected data not shown | Re-enable the Product or note that disabled Products are excluded by design | | Label-based filtering shows no results | No data for selected label | Verify Products have the selected label applied | *** ## Recommended Best Practices * **Review the organization dashboard weekly** to catch emerging vulnerability trends and coverage gaps. * **Use label-based filtering** for team-specific or compliance-specific views (e.g., filter by `compliance:fda` to see only regulated Products). * **Track remediation rates** as a key performance indicator for your security program. * **Set up notifications for coverage gaps** — Products without recent SBOM uploads may indicate broken CI/CD pipelines. * **Export reports monthly** for management and compliance stakeholders. * **Enable scanning across all Products** to ensure analytics data is complete and representative. * **Monitor EPSS and KEV trends** to identify periods of elevated risk across your portfolio. * **Use Product-level drill-downs** for incident response — quickly assess which Products are affected by a new vulnerability. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.interlynk.io/product-guides/insights/analytics.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.