Safeguard.sh Documentation Center

Analytics & Dashboards

Executive dashboards, custom reports, and exports that show posture trends and program effectiveness.

The Safeguard Analytics surface lives at Home → Dashboards. It's designed for three audiences: engineers triaging their own findings, security leads running the program, and executives who want a single number they can share with the board.

Built-In Dashboards

Program Overview

A single page with the headline indicators:

  • Total assets, SBOM coverage, ownership coverage.
  • Open critical / high findings by environment.
  • KEV-listed findings in production (should be zero).
  • Time-to-remediate, rolling 30 / 90 day.
  • Griffin auto-fix activity — PRs opened, merged, rejected.

Vulnerability Backlog

  • Open findings by severity, priority, reachability.
  • Aging buckets (< 7 days, 7-30, 30-90, > 90).
  • Top 10 most-affected assets.
  • Top 10 packages driving the backlog.
  • Resolved-vs-new trend.

Supply Chain Coverage

  • Connected Git, registry, cloud, model-registry integrations.
  • Shadow asset count and trend.
  • Vendor SBOM freshness.

Compliance

  • Framework-by-framework readiness score (FedRAMP, EO 14028, CRA, DORA, SSDF, ISO 27001, SOC 2, HIPAA, PCI DSS, etc.).
  • Evidence completeness per control.
  • Exceptions open and expiring.

Zero-Days & Incidents

  • Safeguard-published advisories affecting your environment.
  • Mean time to remediate for Safeguard zero-days.
  • Active exploitation findings (KEV overlap).

Costs

  • Griffin inference calls, Workflow runs, artifact storage, runner minutes.
  • Per-team, per-environment breakdowns.

Custom Dashboards

Build your own with the Dashboard Builder (drag-and-drop) or as YAML:

apiVersion: safeguard.sh/v1
kind: Dashboard
metadata:
  name: payments-team-weekly
spec:
  filters:
    team: payments
    environment: ["production", "staging"]
  widgets:
    - type: metric
      title: "KEV findings open"
      query: "findings.severity >= high AND findings.kev == true"
      compare: "7 days ago"
    - type: timeseries
      title: "New findings / day"
      query: "count(findings) by day WHERE findings.created_at > '30d'"
    - type: table
      title: "Top 10 priorities"
      query: "findings ORDER BY priority DESC LIMIT 10"

If you prefer, keep dashboard definitions in Git alongside your policies (recommended for auditability).

Metrics Layer (OpenTelemetry)

Safeguard exports every UI metric as OpenTelemetry metrics to your own OTLP endpoint (Datadog, New Relic, Grafana Cloud, Honeycomb, Chronosphere, self-hosted Prometheus):

  • safeguard.findings.open{severity, env, team} — gauge
  • safeguard.findings.created_total{severity} — counter
  • safeguard.findings.resolved_total{severity, method} — counter
  • safeguard.sbom.coverage_ratio{env} — gauge
  • safeguard.griffin.autofix.prs_total{status} — counter
  • safeguard.workflows.runs_total{workflow, result} — counter

Configure the OTLP endpoint under Settings → Telemetry.

Scheduled Reports

Email-scheduled reports, driven by any dashboard:

  • Daily digest at 09:00 local time.
  • Weekly executive summary on Mondays.
  • Monthly board pack with trend charts.

Reports ship as PDF with embedded charts, plus a structured JSON payload for ingest into reporting tools.

Executive Packs

One-click generation of polished PDFs for board or audit consumption:

  • Security Posture Executive Summary — high-level, 5 pages.
  • Compliance Evidence Pack — per-framework evidence bundle for auditors.
  • Incident Retrospective — timeline, contributing factors, remediations — for any resolved incident.
  • Vendor Risk Report — per-vendor summary for procurement.

Generated from templates you can customize (templates/*.md in your tenant's report config).

Exports

Every dashboard and every finding list can be exported:

  • CSV, TSV, Excel, JSON, NDJSON.
  • SBOM formats for component-level exports (CycloneDX, SPDX).
  • OSCAL for compliance evidence.
  • PDF for formal reporting.

Exports respect RBAC — you can only export what your role can see.
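As an added example (not Safeguard's own code), the script below takes an NDJSON findings export, recomputes the Vulnerability Backlog aging buckets, and fails when a KEV-listed finding is open in production, the indicator the Program Overview says should be zero. The export schema is an assumption: the field names id, severity, kev, env and created_at are borrowed from the query examples on this page, the sample records are constructed, and placing ages of exactly 30 and 90 days in the 30-90 bucket is a choice the page leaves open.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample of an NDJSON findings export. Field names are assumptions
# borrowed from the query examples on this page (severity, kev, created_at, env).
SAMPLE_EXPORT = """\
{"id": "F-1", "severity": "critical", "kev": true, "env": "production", "created_at": "2024-05-30T08:00:00Z"}
{"id": "F-2", "severity": "high", "kev": false, "env": "production", "created_at": "2024-05-02T00:00:00Z"}
{"id": "F-3", "severity": "high", "kev": true, "env": "staging", "created_at": "2024-03-03T00:00:00Z"}
{"id": "F-4", "severity": "medium", "kev": false, "env": "production", "created_at": "2024-02-01T00:00:00Z"}
{"id": "F-5", "severity": "low", "kev": false, "env": "staging", "created_at": "2024-05-25T00:00:00Z"}
"""

def parse_ndjson(text):
    """Yield one finding per non-blank line; report the line number on bad JSON."""
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: invalid JSON ({exc.msg})") from exc

def age_days(created_at, now):  # whole days between an ISO 8601 stamp and `now`
    created = datetime.fromisoformat(created_at.replace("Z", "+00:00"))
    return (now - created).days

def bucket(days):
    """Map an age to the page's buckets; 30 and 90 both fall in '30-90' (assumption)."""
    if days < 7:
        return "< 7"
    if days < 30:
        return "7-30"
    return "30-90" if days <= 90 else "> 90"

def summarize(text, now):
    """Return (aging bucket counts, ids of KEV-listed findings in production)."""
    buckets, kev_prod = Counter(), []
    for f in parse_ndjson(text):
        buckets[bucket(age_days(f["created_at"], now))] += 1
        if f.get("kev") is True and f.get("env") == "production":
            kev_prod.append(f["id"])
    return buckets, kev_prod

if __name__ == "__main__":
    buckets, kev_prod = summarize(SAMPLE_EXPORT, datetime(2024, 6, 1, tzinfo=timezone.utc))
    print(dict(buckets), kev_prod)
    raise SystemExit(1 if kev_prod else 0)  # non-zero exit fails a CI step
```

Because exports respect RBAC, run a gate like this with a role that can see every production asset; otherwise a passing result only covers what that role can see.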

Time-Travel

Dashboards support time-travel: pick any date in the last 24 months and see the state of your fleet at that time. Useful for:

  • Post-incident analysis (what did our posture look like the day of the incident?).
  • Program retrospectives.
  • Demonstrating improvement to stakeholders.

API

Every dashboard is backed by a query API:

safeguard metrics query \
  --query 'count(findings) by severity WHERE env="production"' \
  --since 30d

Or:

curl -H "Authorization: Bearer $SG_TOKEN" \
  "https://api.safeguard.sh/v1/metrics/query?query=..."
