# OSS Remediation Risk

## Detecting 3rd party component upgrading impact

**Remediation Risk** analyzes the potential impact of applying a fix before it is executed.\
It identifies compilation and runtime changes introduced by an upgrade, helping developers validate whether the proposed remediation is safe.

This feature appears in the **SCA Vulnerability Details** panel and evaluates each suggested upgrade against your existing code and dependency graph.

## Accessing Remediation Risk

* Open **Open Source / SCA** results.
* Click any vulnerability in the list to open the **Vulnerability Details** panel.
* Select the **Remediation Risk** tab to view the analysis for available upgrade versions.

<figure><img src="/files/9DhmkXN5CX65ghw2wO52" alt=""><figcaption></figcaption></figure>

### Risk Levels

Each version includes a **risk level** that summarizes the expected impact of applying the upgrade and helps decide the safest path forward:

* **Low** — Upgrade with confidence. No breaking changes that affect compilation or impact runtime were detected.
* **Medium** — Upgrade is safe with runtime validation. No compilation-breaking changes were found, but internal modifications in the new version could affect application logic at runtime.
* **High** — Plan code changes. We detected compilation-breaking changes or significant internal functional changes that require updates in the application and full functional testing.

## Understanding Remediation Risk Details

The **Remediation Risk** view compares your current component version with the target version proposed for remediation.\
It reports detected **breaking changes**, **fixed risks**, and **new risks**, categorized by impact type.

**Information displayed includes:**

* **Risk level:** High, Medium, or Low.
* **Upgrade version:** Target version that resolves the vulnerability.
* **Breaking change summary:** Total number of deleted, modified, or deprecated methods.
* **Impact type:** Compilation errors or runtime risks.
* **Affected source paths:** Specific files and line references where affected methods appear.

<figure><img src="/files/JpPMKsPyarpbTjK8dqjY" alt=""><figcaption></figcaption></figure>

### Breaking Changes

The **Breaking Changes** section expands into the detailed findings:

* **Deleted Methods:** Methods removed in the new version and still referenced in your code.
* **Modified Methods:** Methods whose signatures have changed.
* **Affected Source Paths:** Code locations that may fail to compile or behave differently at runtime.
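The risk levels and breaking-change categories above can be reproduced on a small scale with a toy impact check. The following is an added example written for this page, not Xygeni's own analysis code; the API surfaces, internal-change tags and call sites are constructed, and the rule mapping findings to Low/Medium/High follows the definitions given earlier on this page.

```python
"""Toy upgrade-impact check: compare the library methods an application calls
across the current and target versions, then derive a risk level.
Constructed example for illustration; it does not reflect how Xygeni
implements Remediation Risk."""
from collections import defaultdict

# Constructed API surfaces: method -> signature. INTERNAL_CHANGES lists methods
# whose body changed while the signature stayed the same, tagged minor/significant.
CURRENT_API = {"Client.connect": "(host, port)", "Client.send": "(data)",
               "Client.close": "()", "Util.encode": "(s)"}
TARGET_API = {"Client.connect": "(host, port, tls)", "Client.send": "(data)",
              "Util.encode": "(s)"}
INTERNAL_CHANGES = {"Client.send": "minor"}

# Constructed application call sites: (source path, line, method called).
CALL_SITES = [("src/net.py", 12, "Client.connect"), ("src/net.py", 30, "Client.send"),
              ("src/net.py", 41, "Client.close"), ("src/cli.py", 8, "Util.encode")]


def analyze_upgrade(current_api, target_api, internal_changes, call_sites):
    """Return the risk level, breaking-change count and affected paths by category."""
    deleted, modified, runtime = defaultdict(list), defaultdict(list), defaultdict(list)
    for path, line, method in call_sites:
        loc = f"{path}:{line}"
        if method in current_api and method not in target_api:
            deleted[method].append(loc)      # removed: compilation error
        elif target_api.get(method) != current_api.get(method):
            modified[method].append(loc)     # signature changed: compilation error
        elif method in internal_changes:
            runtime[method].append(loc)      # same signature, behaviour may differ
    significant = any(internal_changes[m] == "significant" for m in runtime)
    if deleted or modified or significant:
        risk = "High"      # plan code changes and full functional testing
    elif runtime:
        risk = "Medium"    # compiles, but validate application logic at runtime
    else:
        risk = "Low"       # upgrade with confidence
    return {"risk": risk, "breaking_changes": len(deleted) + len(modified),
            "deleted": dict(deleted), "modified": dict(modified), "runtime": dict(runtime)}


if __name__ == "__main__":
    print(analyze_upgrade(CURRENT_API, TARGET_API, INTERNAL_CHANGES, CALL_SITES))
```

With the constructed data the result is High: `Client.close` is deleted and `Client.connect` changed signature, both still referenced in `src/net.py`, while `Client.send` only carries a runtime risk.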

## Making Safer Upgrade Decisions

With Remediation Risk, you see upgrade safety and the effort to update each affected location. You choose the target version accordingly, and **Fix vulnerability** applies the version you selected.

**Main benefits**

* Prevent unsafe upgrades before merge or deployment.
* Surface compilation vs. runtime breaking changes, with exact files and lines.
* Quantify effort to refactor impacted calls, which improves planning.
* Reduce rework and regressions across releases.
* Keep full traceability from vulnerability to chosen version to affected code.

If you want automation, configure the **Xygeni Bot** to apply the **recommended version** automatically. You can run it in PR mode and keep guardrails in place for high-risk changes.

{% hint style="info" %}
Please see the [Bot Configuration](/xygeni-products/scan-management/xygeni-bot.md) page for further information on how to configure it.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.xygeni.io/xygeni-products/open-source-security-oss/oss-remediation-risk-breaking-changes.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
