Risks (SCA)

The Open Source Risks (SCA) page provides a comprehensive view of all the security issues in the dependencies.

You can reach the Open Source Risks (SCA) page either by selecting Risks (SCA) in the Navigation Bar or by selecting the Risks (SCA) tab on any page of the Components section.

The Open Source Risks (SCA) page is the same as All Risks, filtered by the Open Source category; see All Risks for a full description.

Statistics

The Statistics view shows:

  • Charts for the number of issues by severity, by type, and by type & severity

  • A table with the issues (as well as a filter for the table)

You can use filters to select specific issues:

  • By Funnel Phase (see Prioritization Funnels)

  • By severity

  • By issue type

  • By dependency type (direct or indirect)

  • By reachability (see Reachability)

  • By fixability (see Fixability)

  • By project (pattern)

  • By issue status (open, confirmed, muted, etc.)

  • By tag

  • etc.

Public Vulnerabilities (CVEs)

The Vulnerability Details tab shows detailed information about the CVE.

Vulnerabilities also show information about Fixability. Please see Fixability for further details.

The Reachability Analysis tab shows detailed information about the call paths to the vulnerable method(s) of the component.

Please see Reachability for further details.

Malware details (MEW)

The Summary tab shows detailed information about the component:

  • Explanation

  • Component name

  • Location where defined

  • Description

The Malware evidence tab shows detailed information about the code evidence found.
