prpl
Sign in
← All documentation
Manage your organization

Use the organization risk dashboard

Explain estate totals, action queue, top risks, repository posture, and threat registry.

org admin capture: organization-risk

Outcome

You can read every panel of the organization risk dashboard — estate totals, the Needs your decision action queue, top risks, weakness classes, and per-repository posture — and use it as your daily working surface for keeping the organization's exposure moving toward zero.

Who can do it

The dashboard is the signed-in landing view of the Attack surface page and is scoped to the caller:

  • A mapped owner sees a rollup across every repository in the namespaces they own.
  • A member sees only the repositories granted to them.
  • A site administrator sees the estate-wide master view across all organizations, including an additional threat registry panel that aggregates each repository's recon-derived threat model. This estate threat registry is a site-admin-only surface — it does not render for owners or members. Owners reach a single repository's threat model from that repository's scan pages instead.

Action buttons in the queue are capability-gated per item, so the page never offers you an action you are not permitted to take.

Before you begin

  • The dashboard renders once at least one repository in your scope has run history (an environment build or a scan); before that, the page shows the connect-and-scan affordances instead. Start with Connect your first repository and Run a security scan.
  • All numbers are computed from the latest scan of each repository — the dashboard is a current-posture view, not a historical archive. Older scans remain available per repository (Monitor environments and scan jobs).

Reading the dashboard, panel by panel

  1. Open it. Select Attack surface in the top navigation. The dashboard is the landing view, above the repository console.
  2. Totals (the four tiles).
    The four stat tiles at the top of the dashboard. Call out the Open risks tile.
    • Open risks — open findings across your latest scans, with the worst CVSS badge and the split into confirmed findings and findings that still need review.
    • Severity mix — the same open findings banded critical/high/medium/low.
    • Coverage — repositories scanned out of repositories connected, and how many still await a first scan.
    • Trend — findings newly confirmed since the previous scan, scans in the last 30 days, and the age of the most recent scan.
  3. Needs your decision (the action queue). Every item that is waiting on a human, grouped in working order; acting on an item removes it on the next load.
    The Needs your decision panel with its grouped queue. Call out the Review & approve plan button on a Harness build item.
  4. Top risks. The highest-CVSS open findings across the organization, with weakness class (CWE), location, repository, status, and when each was last seen — your prioritization list. The header shows how many of the total open risks are listed.
    The Top risks table. Call out the CVSS column on the first row.
  5. Weakness classes. Open findings grouped by CWE with a count and the worst CVSS per class — where recurring classes of weakness concentrate, which is the signal for training and hardening priorities.
  6. Risk by repository. One row per repository: worst CVSS, open findings by severity (or clean / not scanned yet), confirmed and defended counts, and last-scan age. A repository whose Harness build is waiting for plan approval carries a ⚠ action badge. Repository names link to each repository's detail page.
    The Risk by repository table. Call out the ⚠ action badge on a repository row.
  7. Work the queue to empty. The healthy end state is an empty Needs your decision panel and the top-risks panel reading No open risks in the latest scans — nothing needs your attention right now.

Verification

  • The tiles, action queue, and tables reflect only repositories in your scope — as an owner you see your namespaces; a member you granted one repository sees exactly that repository's slice.
  • After you act on a queue item (for example approving a plan), the item is gone from Needs your decision on the next page load and the pending count drops.
  • After a new scan completes, Trend updates its last-scan age and any newly confirmed findings appear in the counts.

Troubleshooting

  • No dashboard, just the scan controls. No repository in your scope has run history yet. Connect a repository and run a scan first.
  • A repository you expect is missing. For members: the owner has not granted you access to it. For owners: the repository has never been scanned under your namespace, or it was connected under a different namespace.
  • Coverage shows repositories "awaiting first scan". Those repositories are connected but unscanned, so they contribute nothing to the risk totals. Scan them or plan a cadence with Schedule recurring scans.
  • An action item shows no button, only a link. Buttons are capability-gated per item — you can see the queue entry but lack the capability to act on it (for example a Findings reviewer sees review actions but not Defend). The organization owner or an appropriately-roled member must take it.
  • You expected the threat registry but do not see it. The aggregated estate threat registry renders only for site administrators. Owners can open an individual repository's threat model from its scan pages once recon has completed for a build.

Next step

Make the dashboard self-sustaining: Schedule recurring scans so coverage and trend stay current, and use Understand findings to calibrate how your team reads severity and confidence before triaging from the queue.

Last verified against commit c0bf54d on 2026-07-10 · capture scenario: organization-risk