sagacity icon indicating copy to clipboard operation
sagacity copied to clipboard

Published 20 hours ago verified publisher icon cyberperspectives

Percentage Non-compliant in Rollup Column

Open mshuter opened this issue 6 years ago • 2 comments

I propose changing the formula that calculates the overall compliance column to a percentage rather than just Open/NAF. This can be done by changing $overall_str in export.php to the following:

$overall_str = "=ROUND(100*(" .
    "COUNTIF(F{$row}:{$last_tgt_col}{$row},\"Open\")+" .
    "COUNTIF(F{$row}:{$last_tgt_col}{$row},\"Exception\"))" .
    "/COLUMNS(F{$row}:{$last_tgt_col}{$row}),0)";

Ultimately, the goal is to have this column display a data bar (see here: https://support.office.com/en-us/article/use-data-bars-color-scales-and-icon-sets-to-highlight-data-f118d0a6-5921-4e2e-905b-fe00f3378fb9) I tried adding the data bar conditional formatting to the template eChecklist but phpspreadsheet library doesn't seem to support it. At least with the percentage we would only have to apply the conditional formatting. Alternative conditional formatting would be to make the cell green if 0% non-compliant and red if > 0%.

Rationale: Percent non-compliant gives additional information and a more complete picture at-a-glance of how pervasive a given vulnerability is.

Incidentally, if you do this, you no longer need the "Consistent" column, as consistent findings will be anything >0% and <100%. However, it may be easier to just leave the column there for now since parsing relies on column numbers/positions/names.

mshuter avatar Jan 29 '19 17:01 mshuter

Yeah, as far as I can tell, those conditional formatting options are not available with PHPSpreadsheet. If @JeffOdegard agrees, I can add this?

godsgood33 avatar Jan 31 '19 14:01 godsgood33

Pros

  • More information than just a binary yes/no. Tells you how pervasive the issue is. (This fits with where I'd like to see Sagacity's risk analysis capabilities go.)
  • This is "Matt's column" anyway... :o} He created it.

Cons

  • Not as easy to filter, although it is actually more granular. (You can filter based on < or > values, I think)
  • We can't do the conditional formatting that way, but can we just format 100% as green and anything else as red? (Or 100% green, 0% red, anything else orange?)

Yes, let's take a shot at it and see if we can do the conditional formatting I mention above.

JeffOdegard avatar Feb 01 '19 20:02 JeffOdegard