Dashboard
The NAT dashboard gives you a visual interface for managing scans, reviewing findings, tracking risk over time, and configuring your security testing setup.
The dashboard is available both in the SaaS hosted version at app.nat-testing.io and in self-hosted mode at http://localhost:8080 (or your configured host/port).
Overview
After logging in, you land on the Home screen, which shows:
- Recent scans — last 5 scans with status, finding counts, and duration
- Risk trend — chart of your overall security posture over the past 30 days
- Open findings — total count of unresolved findings by severity
- Quick scan — start a new scan directly from the dashboard
Sections
Scans
The Scans page lists all scan runs for your workspace. For each scan you can:
- View the full findings report
- Compare against a previous scan to see what's new, fixed, or regressed
- Download the report as HTML, JSON, or SARIF
- Re-run the scan with the same configuration
- Archive or delete a scan
Scan status indicators:
| Status | Meaning |
|---|---|
| 🔵 Running | Scan is in progress |
| ✅ Complete | Scan finished successfully |
| ❌ Failed | Scan encountered an error |
| ⏸ Queued | Scan is waiting for an available slot |
Findings
The Findings page aggregates all open findings across all scans. You can:
- Filter by severity, OWASP category, endpoint, or scan
- Sort by severity, risk score, first seen, or last seen
- Mark as resolved when a fix is deployed and verified
- Mark as accepted risk to suppress findings your team has acknowledged
- Export filtered findings to CSV or JSON
Each finding detail page shows:
- Full request and response evidence
- Risk score (0–100) with scoring breakdown
- OWASP API Top 10 category and CWE identifier
- Remediation guidance with code examples
APIs
The APIs page lists every API you've configured for scanning. For each API:
- Edit the target URL and authentication settings
- Upload or link an OpenAPI/Swagger spec
- Configure scanning schedule (SaaS plan)
- View scan history
Reports
The Reports page lets you generate and download reports across one or more scans:
- Executive report — high-level summary for management
- Technical report — full findings with evidence (HTML or PDF)
- Compliance report — OWASP API Top 10 coverage matrix
- SARIF export — for integration with GitHub Code Scanning or other tools
Settings
Configure your workspace, team, and notification settings:
| Setting | Description |
|---|---|
| API Keys | Generate keys for CLI and API access |
| Team | Invite team members and set roles |
| Notifications | Email/Slack alerts on scan completion or new findings |
| Webhooks | POST scan results to your own endpoint |
| SSO | Configure SAML/OIDC single sign-on (Enterprise plan) |
Starting a scan from the dashboard
- Click New Scan in the top navigation
- Enter or select a target API
- Configure authentication (or select a saved credential)
- Click Start Scan
The scan runs in the background — you'll see live status on the Scans page and receive a notification when it completes.
Filtering and searching findings
Use the filter bar on the Findings page to narrow results:
```
severity:high,critical owasp:api1,api3 status:open
```
Available filter keys:
| Key | Values | Example |
|---|---|---|
| severity | critical, high, medium, low, info | severity:high |
| owasp | api1 through api10 | owasp:api1,api2 |
| status | open, resolved, accepted | status:open |
| endpoint | Path glob | endpoint:/api/v1/users* |
| scan | Scan ID | scan:abc123 |
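To apply the same filter expression to findings exported as JSON, for example in a CI gate, the sketch below parses the syntax from the table and rejects misspelled keys or values instead of silently matching nothing. It is an added example, not NAT's own code. It assumes that space-separated terms are ANDed and comma-separated values are ORed; the record field names and the scan ID `def456` are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Keys and allowed values from the filter-key table above; None = free-form value.
ALLOWED = {
    "severity": {"critical", "high", "medium", "low", "info"},
    "owasp": {f"api{n}" for n in range(1, 11)},
    "status": {"open", "resolved", "accepted"},
    "endpoint": None,  # path glob
    "scan": None,      # scan ID
}

def parse_filter(expr):
    """Parse 'key:v1,v2 key:v3' into {key: [values]}; reject unknown keys/values."""
    parsed = {}
    for term in expr.split():
        key, sep, raw = term.partition(":")
        if not sep or not raw or key not in ALLOWED:
            raise ValueError(f"bad filter term: {term!r}")
        values = raw.split(",")
        allowed = ALLOWED[key]
        bad = [v for v in values if not v or (allowed is not None and v not in allowed)]
        if bad:
            raise ValueError(f"invalid {key} value(s): {bad}")
        parsed.setdefault(key, []).extend(values)
    return parsed

def matches(finding, parsed):
    """Assumed semantics: all keys must match (AND); any listed value may (OR)."""
    for key, values in parsed.items():
        actual = finding.get(key, "")
        if key == "endpoint":
            hit = any(fnmatchcase(actual, glob) for glob in values)
        else:
            hit = actual in values
        if not hit:
            return False
    return True

# Constructed sample records; field names are hypothetical, not NAT's export schema.
FINDINGS = [
    {"id": 1, "severity": "critical", "owasp": "api1", "status": "open", "endpoint": "/api/v1/users/42", "scan": "abc123"},
    {"id": 2, "severity": "high", "owasp": "api3", "status": "resolved", "endpoint": "/api/v1/orders", "scan": "abc123"},
    {"id": 3, "severity": "medium", "owasp": "api1", "status": "open", "endpoint": "/api/v1/users", "scan": "abc123"},
    {"id": 4, "severity": "high", "owasp": "api3", "status": "open", "endpoint": "/api/v1/orders/7", "scan": "def456"},
]

def apply_filter(expr, findings=FINDINGS):
    parsed = parse_filter(expr)
    return [f["id"] for f in findings if matches(f, parsed)]
```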
Dashboard keyboard shortcuts
| Shortcut | Action |
|---|---|
| N | New scan |
| F | Go to Findings |
| S | Go to Scans |
| / | Focus search |
| ? | Show all shortcuts |
Next steps
- Security Scanning guide — understand what NAT tests for
- Reading Risk Reports — interpret findings and scores
- Self-Hosted Setup — run the dashboard on your own infrastructure