The Benchmarks area of the dashboard compares your security and quality metrics against an industry baseline and shows where you land as a percentile. This page explains how those baselines are derived and how to read the comparison.

What you see

For a chosen category and period, the benchmarks view shows:
  • An overall percentile — where your metrics land relative to the baseline.
  • A per-metric table — your value, the baseline median, your percentile, a status, a confidence label (LOW / MEDIUM / HIGH), and a recommendation.

Where the baseline comes from

Baseline percentiles are derived from published industry research, including:
  • BSIMM14
  • Veracode State of Software Security v14
  • Sonar State of Code Quality 2023
  • OWASP SAMM Benchmark 2022
  • GitHub Octoverse 2023
  • GitLab Global DevSecOps Survey 2023
  • GitGuardian State of Secrets Sprawl 2024
  • Qualys TruRisk Research 2023
  • Tenable Time to Remediate 2022
  • Verizon DBIR 2024

How to read it

  • The baseline is an estimate derived from published research, not an empirically measured value for your peer set. The view labels it as such.
  • Each metric carries a confidence label so you can weight it appropriately.
  • Individual metrics vary with your industry, team size, and development practices — treat the comparison as directional guidance, not a precise ranking.

Benchmarks are an industry-grounded estimate to help you orient, not a customer-specific guarantee. Read each metric alongside its confidence label.

Next steps

  • Dashboard: Where benchmarks live.
  • ROI methodology: How hours-saved is estimated.