OSS Remediation Risk
Detecting the impact of third-party component upgrades
Remediation Risk analyzes the potential impact of applying a fix before it is executed. It identifies compilation and runtime changes introduced by an upgrade, helping developers validate whether the proposed remediation is safe.
This feature appears in the SCA Vulnerability Details panel and evaluates each suggested upgrade against your existing code and dependency graph.
Accessing Remediation Risk
Open the Open Source / SCA results.
Click any vulnerability in the list to open the Vulnerability Details panel.
Select the Remediation Risk tab to view the analysis for available upgrade versions.

Risk Levels
Each version includes a risk level that summarizes the expected impact of applying the upgrade and helps decide the safest path forward:
Low — Upgrade with confidence. No breaking changes that affect compilation or impact runtime were detected.
Medium — Upgrade is safe with runtime validation. No compilation-breaking changes were found, but internal modifications in the new version could affect application logic at runtime.
High — Plan code changes. We detected compilation-breaking changes or significant internal functional changes that require updates in the application and full functional testing.
Understanding Remediation Risk Details
The Remediation Risk view compares your current component version with the target version proposed for remediation. It reports detected breaking changes, fixed risks, and new risks, categorized by impact type.
Information displayed includes:
Risk level: High, Medium, or Low.
Upgrade version: Target version that resolves the vulnerability.
Breaking change summary: Total number of deleted, modified, or deprecated methods.
Impact type: Compilation errors or runtime risks.
Affected source paths: Specific files and line references where affected methods appear.

Breaking Changes
The Breaking Changes section expands into detailed findings:
Deleted Methods: Methods removed in the new version and still referenced in your code.
Modified Methods: Methods whose signatures have changed.
Affected Source Paths: Code locations that may fail to compile or behave differently at runtime.
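The classification described above, as an added illustration that is not Xygeni's own implementation: a small Python model that takes a dependency's old and new public API, the methods whose internals changed without a signature change, and the application's call sites, and derives the risk level, the deleted and modified method lists and the affected source paths using the Low/Medium/High rules on this page. All library names, file paths and line numbers are constructed sample data.

```python
from dataclasses import dataclass
# Constructed sample data (not from any real library): public API of a hypothetical
# dependency at the current version and at the proposed upgrade version.
OLD_API = {
    "HttpClient.get": "(url: str) -> Response",
    "HttpClient.post": "(url: str, body: bytes) -> Response",
    "Parser.parse": "(data: str) -> Document",
    "Cache.clear": "() -> None",
}
NEW_API = {
    "HttpClient.get": "(url: str, timeout: float) -> Response",  # signature modified
    "Parser.parse": "(data: str) -> Document",                   # signature unchanged
    "Cache.clear": "() -> None",                                 # HttpClient.post deleted
}
# Methods whose internals changed while keeping their signature: a runtime risk only.
NEW_INTERNAL_CHANGES = {"Parser.parse"}
# Constructed call sites in the application: (method, file, line).
USAGES = [
    ("HttpClient.get", "src/fetch.py", 12),
    ("HttpClient.post", "src/fetch.py", 30),
    ("Parser.parse", "src/ingest.py", 8),
    ("Cache.clear", "src/ingest.py", 40),
]

@dataclass
class RemediationRisk:
    level: str            # "Low", "Medium" or "High"
    deleted: list         # removed in the new version and still referenced
    modified: list        # signature changed and still referenced
    runtime: list         # internals changed, signature kept, still referenced
    affected_paths: list  # (file, line, method, impact type)

def analyze(old_api, new_api, internal_changes, usages):
    """Classify an upgrade with the page's risk levels, over referenced methods only."""
    referenced = {m for m, _, _ in usages}
    deleted = sorted(m for m in old_api if m not in new_api and m in referenced)
    modified = sorted(m for m in old_api if m in new_api and m in referenced
                      and old_api[m] != new_api[m])
    runtime = sorted(m for m in internal_changes if m in referenced
                     and m in new_api and old_api.get(m) == new_api[m])
    # Compilation-breaking changes take precedence over runtime-only changes.
    level = "High" if deleted or modified else "Medium" if runtime else "Low"
    impact = {m: "compilation" for m in deleted + modified}
    impact.update({m: "runtime" for m in runtime})
    paths = [(f, ln, m, impact[m]) for m, f, ln in usages if m in impact]
    return RemediationRisk(level, deleted, modified, runtime, paths)

def summarize(report):
    # One "file:line method [impact]" entry per affected location.
    return [f"{f}:{ln} {m} [{kind}]" for f, ln, m, kind in report.affected_paths]
```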
Making Safer Upgrade Decisions
With Remediation Risk, you see how safe each upgrade is and how much effort updating each affected location will take. Choose the target version accordingly; Fix vulnerability then applies the version you selected.
Main benefits
Prevent unsafe upgrades before merge or deployment.
Surface compilation vs. runtime breaking changes, with exact files and lines.
Quantify effort to refactor impacted calls, which improves planning.
Reduce rework and regressions across releases.
Keep full traceability from vulnerability to chosen version to affected code.
If you want automation, configure the Xygeni Bot to apply the recommended version automatically. You can run it in PR mode and keep guardrails in place for high-risk changes.