6. Monitor and learn

  • Data is increasingly abundant, including security metrics. It is well worth exploiting, as it fosters informed and efficient collaboration.
  • Jira is the most common solution for managing agile stories. It provides very rich reporting functions, so great attention should be given to configuring it adequately.
  • It is often said that dashboards are only for managers. Following the agile transparency principle, ASF pushes for dashboards shared with all stakeholders: developers, managers, security teams.
  • It is generally better to avoid sensitive information in dashboards, so that it is possible to stick to a simple access control mechanism (e.g. set the teams who have access to the dashboards).
  • The dashboards for the development environment cover vulnerabilities, code quality, micro-segmentation, secret leaks, ...
  • Some tools like SonarQube already provide good dashboards for code quality. Similarly, commercial tools always provide dashboard functionality.
  • However, it often makes sense to develop additional custom dashboards:
    • this reduces vendor lock-in and dependency
    • modern tools make that much simpler than it used to be, and a POC dashboard can be developed in a few days
    • this allows top-notch, tailored dashboards that bring high value to all stakeholders
    • there are connectors for most commercial tools, so exploiting their raw data is often possible
  • Modern dashboards are explorable, so each reader is able to dive into the details as necessary.
  • Allowing personalized dashboards is also great to improve the UX for all readers.
  • It also makes sense to take regular (daily, weekly) snapshots of the most relevant dashboards and send them by mail or in collaboration channels.
  • Many tools can be used to create dashboards. Metabase and Apache Superset are good examples in the open-source category.
  • The ultimate goal of dashboards is to push for constant progress. Once a goal has been achieved, a new goal can be defined, and the dashboards can be adapted for that new goal.
  • Trend reporting widgets are very useful for reading at a glance.