Risks (SCA)

SCA Statistics

The Open Source Risks (SCA) provides a comprehensive view of all the security issues of the dependencies.

You can reach the Open Source SCA statistics either by selecting Risk selecting the top-right statistics tab of the SCA page.

Open Source Risks (SCA) page is the same as All Risks but filtered by Open Source category, so please go to All Risks for a full description.

Statistics

Secrets' Statistics view shows:

  • Charts for # of issues by severity, by type and by type & severity

  • A table with the issues (as well as a filter for the table)

You can use filters to select specific issues:

  • By Funnel Phase (see Prioritization Funnels )

  • By severity

  • By issue type

  • By dependency type (direct or indirect)

  • By reachability (see reachability)

  • by fixability (see fixability)

  • By project (pattern)

  • By issue status (open, confirmed, muted, etc)

  • By tag

  • etc.

Public Vulnerabilities (CVEs)

Clicking on the icon of a component with public vulnerabilities will open a slide with detailed information about the CVE.

Vulnerabilities also show information about Fixability. Please see Fixability for further details.

The Reachability Analysis tab provides detailed information on the call paths leading to the component's vulnerable method(s).

Please visit the Reachability documentation for further information.

Malware Early Warny details (MEW)

Clicking on the icon of a component with malware detected by Xygeni will open a slide with details.

The Summary tab shows detailed information about the component:

  • Explanation

  • Component name

  • Location where defined

  • Description

The Malware Evidence tab provides detailed information about the detected code evidence.

PreviousSupported Package Managers for dependency resolutionNextOSS Prioritization Funnels

Last updated