Navigating the Hopper Dashboard: Your Security Funnel at a Glance
Hopper’s dashboard gives you a real-time, actionable view of open-source and AI model risk across your entire codebase. It is designed to cut through the noise by showing what is reachable, exploitable, and urgent, so AppSec and engineering teams can act quickly and confidently.
This guide walks you through how to interpret the dashboard and use its insights to guide triage, remediation, and reporting.
Top-Level Stats
At the top of the dashboard, you will see summary metrics across your organization:
- Malicious packages detected
- Organizations connected
- Repositories scanned
- AI-powered repositories
- Projects analyzed
- Container images monitored
These metrics give you a quick snapshot of Hopper’s coverage and impact.
Open Source Vulnerabilities Funnel
Below the top-level stats you will find Hopper’s vulnerability funnel. It visualizes your exposure in four layers:
- All known vulnerabilities in your organization
- Vulnerabilities in applications only
- Reachable vulnerabilities, validated at the function level
- Exploitable vulnerabilities, based on EPSS scores
This helps your team separate theoretical risk from real exposure.
Vulnerability Insights: Quick and Impactful Fixes
Hopper highlights two types of high-value remediation opportunities:
- Quick Fixes show low-effort updates that eliminate reachable, high-risk issues.
- Impactful Fixes resolve a vulnerability across multiple applications or projects with a single change.
Use these to reduce risk quickly without overloading developers.
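The four funnel layers above, and the Quick Fix / Impactful Fix views, are both filters over the same set of findings. The following is an added example (not Hopper's own code) that applies those filters to a constructed set of findings. The EPSS cut-off for the "exploitable" layer and the definition of a "low-effort" update as a patch-level version bump are assumptions, since the page does not state Hopper's thresholds; the CVE identifiers are placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str              # placeholder IDs in SAMPLE below, not real CVEs
    project: str
    package: str
    severity: str         # critical / high / medium / low
    current_version: str
    fixed_version: str
    in_application: bool  # dependency of a deployed application, not a build/CI-only tool
    reachable: bool       # vulnerable function is on a call path from application code
    epss: float           # EPSS probability, 0.0 to 1.0


# Assumed threshold for the "exploitable" layer; the page does not state Hopper's cut-off.
EPSS_THRESHOLD = 0.10


def funnel(findings, epss_threshold=EPSS_THRESHOLD):
    """Return the four funnel layers; each layer is a subset of the one before it."""
    all_known = list(findings)
    in_apps = [f for f in all_known if f.in_application]
    reachable = [f for f in in_apps if f.reachable]
    exploitable = [f for f in reachable if f.epss >= epss_threshold]
    return {"all": all_known, "applications": in_apps,
            "reachable": reachable, "exploitable": exploitable}


def funnel_counts(findings, epss_threshold=EPSS_THRESHOLD):
    """Counts per layer, i.e. the numbers a funnel chart would display."""
    return {layer: len(items) for layer, items in funnel(findings, epss_threshold).items()}


def _version_tuple(version):
    return tuple(int(part) for part in version.split("."))


def quick_fixes(findings):
    """Reachable critical/high findings closed by a patch-level bump (same major.minor).
    Treating a patch bump as 'low effort' is an assumption made for this example."""
    out = []
    for f in funnel(findings)["reachable"]:
        if f.severity not in ("critical", "high"):
            continue
        current, fixed = _version_tuple(f.current_version), _version_tuple(f.fixed_version)
        if current[:2] == fixed[:2] and fixed > current:
            out.append(f)
    return out


def impactful_fixes(findings, min_projects=2):
    """Upgrades that close reachable findings in several projects with one change."""
    projects_by_upgrade = defaultdict(set)
    for f in funnel(findings)["reachable"]:
        projects_by_upgrade[(f.package, f.fixed_version)].add(f.project)
    return sorted((pkg, ver, sorted(projects))
                  for (pkg, ver), projects in projects_by_upgrade.items()
                  if len(projects) >= min_projects)


# Constructed sample: same CVE in two projects, one high-EPSS but unreachable finding,
# and one finding in a CI-only tool that never reaches the "applications" layer.
SAMPLE = [
    Finding("CVE-XXXX-0001", "web-api", "libfoo", "high", "1.2.3", "1.2.4", True, True, 0.42),
    Finding("CVE-XXXX-0002", "web-api", "libbar", "critical", "1.8.0", "2.0.1", True, True, 0.02),
    Finding("CVE-XXXX-0003", "web-api", "libbaz", "critical", "3.0.0", "3.1.0", True, False, 0.90),
    Finding("CVE-XXXX-0004", "ci-tools", "libqux", "medium", "0.9.0", "0.9.9", False, False, 0.50),
    Finding("CVE-XXXX-0001", "billing", "libfoo", "high", "1.2.0", "1.2.4", True, True, 0.42),
]

if __name__ == "__main__":
    print(funnel_counts(SAMPLE))
    print([(f.project, f.package) for f in quick_fixes(SAMPLE)])
    print(impactful_fixes(SAMPLE))
```

Note how the unreachable finding with EPSS 0.90 never reaches the exploitable layer: reachability is applied before EPSS, which is what keeps a high EPSS score from promoting a vulnerability that application code cannot actually trigger.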
AI Risk Analysis
If your team uses AI coding assistants, Hopper automatically detects AI-generated repositories and flags the risks they introduce. This view helps you:
- Monitor vulnerabilities in AI-generated code
- Understand how model use expands your OSS attack surface
- Prioritize remediation across AI-powered projects
Vulnerability Trends and Ecosystem Breakdown
- Vulnerabilities by Severity (over time) helps you track risk trends across critical, high, medium, and low levels.
- Applications and Libraries by Ecosystem shows how your stack breaks down by language and framework.
- Vulnerabilities by Source highlights whether issues come from application code, internal libraries, or open-source components.
Most Vulnerable Assets
This section identifies your highest-risk areas:
- View by application, internal package, or open-source package
- Filter by Crown Jewels, Reachable, or high EPSS scores
- Focus on what matters most to your business
Most Common Vulnerabilities
See which CVEs appear most frequently across your codebase. Filter by severity to focus on critical and high issues that may require broader remediation or policy changes.
SLA Analysis
This section helps you measure how vulnerabilities align with your internal SLAs:
- Date each issue was discovered
- Days remaining until the due date, or days past due
- Ranked by priority
Use it to track performance, report on SLA adherence, and stay ahead of deadlines.
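The SLA view above derives each issue's due date from its discovery date and a per-severity SLA, then ranks by priority. The following is an added example (not Hopper's own code) that computes those fields for a constructed set of issues against a fixed "today"; the SLA day counts per severity and the ranking order (past-due first, then severity, then time left) are assumptions, since the page does not state Hopper's defaults.

```python
from datetime import date, timedelta

# Assumed SLA policy: days allowed to remediate by severity. Not Hopper's stated defaults.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def sla_status(issue, today):
    """Due date, days remaining (negative when past due) and past-due flag for one issue."""
    due = issue["discovered"] + timedelta(days=SLA_DAYS[issue["severity"]])
    remaining = (due - today).days
    return {
        "id": issue["id"],
        "severity": issue["severity"],
        "discovered": issue["discovered"],
        "due": due,
        "days_remaining": remaining,
        "past_due": remaining < 0,
    }


def ranked_sla_report(issues, today):
    """Rows sorted by priority: past-due first, then severity, then least time left."""
    rows = [sla_status(issue, today) for issue in issues]
    rows.sort(key=lambda r: (not r["past_due"], SEVERITY_RANK[r["severity"]], r["days_remaining"]))
    return rows


def sla_adherence(issues, today):
    """Fraction of open issues still inside their SLA window."""
    rows = [sla_status(issue, today) for issue in issues]
    if not rows:
        return 1.0
    return sum(1 for r in rows if not r["past_due"]) / len(rows)


# Constructed sample issues and a fixed reporting date so the result is reproducible.
TODAY = date(2024, 6, 1)
SAMPLE_ISSUES = [
    {"id": "A", "severity": "critical", "discovered": date(2024, 5, 20)},
    {"id": "B", "severity": "high", "discovered": date(2024, 5, 10)},
    {"id": "C", "severity": "medium", "discovered": date(2024, 2, 15)},
    {"id": "D", "severity": "low", "discovered": date(2024, 5, 30)},
    {"id": "E", "severity": "critical", "discovered": date(2024, 5, 29)},
]

if __name__ == "__main__":
    for row in ranked_sla_report(SAMPLE_ISSUES, TODAY):
        print(f'{row["id"]} {row["severity"]:8} due {row["due"]} '
              f'{"PAST DUE" if row["past_due"] else "remaining"} {abs(row["days_remaining"])}d')
    print(f"SLA adherence: {sla_adherence(SAMPLE_ISSUES, TODAY):.0%}")
```

Passing `today` explicitly rather than calling `date.today()` inside the functions keeps the report reproducible, which matters when the same numbers are used for SLA adherence reporting and need to be regenerated later.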