Analytics

The Analytics dashboard provides organization-wide and product-level metrics for SBOM coverage, vulnerability posture, compliance status, and supply chain health. Use analytics to track trends, identify systemic risks, and report on security posture to stakeholders.


Overview

Analytics aggregate data across all Products, Environments, and Versions in your organization. Dashboards update automatically as new SBOMs are uploaded, vulnerabilities are discovered, and VEX dispositions are applied.

Key capabilities:

  • Organization-level metrics — aggregate portfolio health, vulnerability trends, and compliance posture.

  • Product-level metrics — drill into individual Product health, vulnerability counts, and component statistics.

  • Vulnerability trends — track discovery rates, remediation progress, and severity distribution over time.

  • Coverage metrics — monitor SBOM coverage across your software portfolio.

  • Compliance posture — track compliance scores across Products and frameworks.

Architecture

Analytics Engine
  ├── Organization Metrics
  │     ├── Total Products, Versions, Components
  │     ├── Vulnerability summary (by severity, VEX status)
  │     ├── SBOM format distribution
  │     ├── Compliance score averages
  │     └── Health score distribution

  ├── Product Metrics
  │     ├── Version count and upload frequency
  │     ├── Component count and dependency depth
  │     ├── Vulnerability count (by severity, VEX status)
  │     ├── Compliance score per Version
  │     └── Health score per Version

  └── Trend Analysis
        ├── Vulnerability discovery over time
        ├── Remediation rate
        ├── SBOM upload frequency
        └── Compliance score progression

Organization Dashboard

The organization-level analytics dashboard provides a portfolio-wide view.

Accessing the Dashboard

  1. Navigate to the Analytics page in the main navigation.

  2. The dashboard displays summary tiles and charts.

Available Metrics

| Metric | Description |
| --- | --- |
| Total Products | Number of active Products in the organization |
| Total Versions | Number of SBOM Versions across all Products |
| Total Components | Number of unique components across all SBOMs |
| Vulnerability Summary | Count of vulnerabilities by severity (Critical, High, Medium, Low) |
| VEX Status Distribution | Breakdown of vulnerability dispositions (Affected, Not Affected, Under Investigation, Fixed) |
| SBOM Format Distribution | Proportion of CycloneDX vs. SPDX SBOMs |
| Compliance Score Average | Mean compliance score across all Products |
| Health Score Distribution | Distribution of component health scores across the portfolio |

Vulnerability Trend Charts

  • Discovery trend — new vulnerabilities discovered per time period.

  • Severity trend — vulnerability count over time by severity level.

  • Remediation trend — rate of VEX status changes from "Under Investigation" or "Affected" to "Fixed" or "Not Affected."

Filtering

Filter the dashboard by:

  • Time range — last 7 days, 30 days, 90 days, or custom range.

  • Product — drill down to a specific Product.

  • Environment — filter by Environment (e.g., production only).

  • Label — filter by Product labels for cross-cutting views.


Product-Level Metrics

Each Product has its own analytics view accessible from the Product detail page.

Accessing Product Metrics

  1. Navigate to the Products page and select a Product.

  2. Product-level metrics are displayed on the Product overview and can be accessed from the Environment dashboard.

Available Product Metrics

| Metric | Description |
| --- | --- |
| Version Count | Number of Versions in the selected Environment |
| Upload Frequency | Rate of SBOM uploads over time |
| Component Count | Total components in the latest Version |
| Dependency Depth | Maximum depth of the dependency tree |
| Vulnerability Count | Current vulnerabilities by severity |
| Compliance Score | Latest compliance score for the Version |
| Health Score | Component health score distribution |


Vulnerability Analytics

Vulnerability analytics provide detailed insight into your security posture.

Severity Distribution

View the breakdown of vulnerabilities by CVSS severity level across:

  • The entire organization

  • Individual Products

  • Specific Environments

EPSS and KEV Correlation

Identify high-risk vulnerabilities by correlating:

  • High EPSS score (likely to be exploited) with Critical/High severity — highest priority for remediation.

  • KEV-listed vulnerabilities — actively exploited in the wild.

VEX Progress Tracking

Track your organization's vulnerability triage progress:

| Metric | Meaning |
| --- | --- |
| Triage rate | Percentage of vulnerabilities with a VEX status (any status other than unset) |
| Remediation rate | Percentage of "Affected" vulnerabilities that have been moved to "Fixed" |
| Open critical count | Number of Critical-severity vulnerabilities without "Fixed" or "Not Affected" status |
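
The three progress metrics above, together with the EPSS/KEV correlation from the previous section, computed over a few constructed findings. This is an added example, not the platform's own code; the Finding fields, the was_affected flag, the 0.5 EPSS cut-off and the choice to skip already-closed findings in high_risk are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

CLOSED = {"Fixed", "Not Affected"}  # dispositions that close a finding
EPSS_HIGH = 0.5                     # assumed "high" EPSS cut-off; the page gives none

@dataclass
class Finding:                      # hypothetical record shape, not a platform schema
    vuln_id: str
    severity: str                   # Critical / High / Medium / Low
    status: Optional[str] = None    # current VEX status; None = unset
    was_affected: bool = False      # assumed flag: status was "Affected" at some point
    epss: float = 0.0
    kev: bool = False

def pct(part, whole):
    return round(100.0 * part / whole, 1) if whole else 0.0

def vex_progress(findings):
    """Triage rate, remediation rate and open critical count as defined above."""
    triaged = [f for f in findings if f.status is not None]
    # Denominator for remediation: everything that is, or once was, "Affected".
    ever_affected = [f for f in findings if f.was_affected or f.status == "Affected"]
    fixed = [f for f in ever_affected if f.status == "Fixed"]
    open_critical = [f for f in findings
                     if f.severity == "Critical" and f.status not in CLOSED]
    return {"triage_rate": pct(len(triaged), len(findings)),
            "remediation_rate": pct(len(fixed), len(ever_affected)),
            "open_critical": len(open_critical)}

def high_risk(findings):
    """Open findings that are KEV-listed, or Critical/High with a high EPSS score."""
    return [f.vuln_id for f in findings
            if f.status not in CLOSED
            and (f.kev or (f.epss >= EPSS_HIGH and f.severity in {"Critical", "High"}))]

# Constructed sample data; the IDs are placeholders, not real advisories.
FINDINGS = [
    Finding("EXAMPLE-0001", "Critical", "Fixed", was_affected=True, epss=0.9, kev=True),
    Finding("EXAMPLE-0002", "Critical", "Affected", epss=0.7),
    Finding("EXAMPLE-0003", "High", "Under Investigation", epss=0.6),
    Finding("EXAMPLE-0004", "Critical", None, kev=True),
    Finding("EXAMPLE-0005", "Medium", "Affected", epss=0.9),
    Finding("EXAMPLE-0006", "Low", None),
    Finding("EXAMPLE-0007", "High", "Not Affected", epss=0.8),
]

if __name__ == "__main__":
    print(vex_progress(FINDINGS), high_risk(FINDINGS))
```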


Coverage Metrics

Coverage metrics help you understand how complete your SBOM program is.

| Metric | Description |
| --- | --- |
| Products with active SBOMs | Number of Products that have received an SBOM upload in the current period |
| Products without recent uploads | Products with no SBOM upload in the last 30/90 days |
| Environment coverage | Percentage of Environments with at least one SBOM Version |


Compliance Analytics

Track compliance posture across the organization.

| Metric | Description |
| --- | --- |
| Average compliance score | Mean score across all Products for the selected framework |
| Products below threshold | Number of Products with compliance scores below a defined minimum |
| Check failure distribution | Most common compliance check failures across the portfolio |
| Compliance trend | Score progression over time |


Reporting and Export

Dashboard Views

Analytics data is available in visual dashboard form for real-time monitoring and stakeholder presentations.

Data Export

Export vulnerability and compliance data for external reporting:


Impact of Disabled Products


Disabled Products are excluded from analytics metrics and trend calculations. If you disable a Product, its vulnerability and compliance data will no longer contribute to organization-level dashboards. Re-enable the Product to restore its contribution.


Permission Matrix

Permission
Admin
Operator
Viewer

View products (includes analytics data)

View SBOMs (includes metric data)

Analytics is read-only. All roles with product visibility can view analytics data.

For full permission details, see Role Management.


Security Warnings


Common Misconfigurations

| Issue | Symptom | Fix |
| --- | --- | --- |
| No data on analytics dashboard | Dashboard shows zeros | Verify Products exist and have uploaded SBOMs with scanning enabled |
| Vulnerability counts seem low | Fewer vulnerabilities than expected | Ensure "Run Vulnerability Scan" is enabled in Environment Settings for all Products |
| Compliance scores not showing | No compliance data | Enable a compliance framework and "Run SBOM Checks" in Settings |
| Trend data appears flat | No changes over time | Verify SBOMs are being uploaded regularly; trends require multiple data points |
| Disabled Products missing from dashboard | Expected data not shown | Re-enable the Product or note that disabled Products are excluded by design |
| Label-based filtering shows no results | No data for selected label | Verify Products have the selected label applied |


  • Review the organization dashboard weekly to catch emerging vulnerability trends and coverage gaps.

  • Use label-based filtering for team-specific or compliance-specific views (e.g., filter by compliance:fda to see only regulated Products).

  • Track remediation rates as a key performance indicator for your security program.

  • Set up notifications for coverage gaps — Products without recent SBOM uploads may indicate broken CI/CD pipelines.

  • Export reports monthly for management and compliance stakeholders.

  • Enable scanning across all Products to ensure analytics data is complete and representative.

  • Monitor EPSS and KEV trends to identify periods of elevated risk across your portfolio.

  • Use Product-level drill-downs for incident response — quickly assess which Products are affected by a new vulnerability.
