Risks (SCA)
Last updated
Last updated
The Open Source Risks (SCA) provides a comprehensive view of all the security issues of the dependencies.
Open Source Risks (SCA) page is the same as All Risks but filtered by Open Source category, so please go to All Risks for a full description.
Secrets' Statistics view shows:
Charts for # of issues by severity, by type and by type & severity
A table with the issues (as well as a filter for the table)
You can use filters to select specific issues:
By Funnel Phase (see Prioritization Funnels )
By severity
By issue type
By dependency type (direct or indirect)
By reachability (see reachability)
by fixability (see fixability)
By project (pattern)
By issue status (open, confirmed, muted, etc)
By tag
etc.
The Reachability Analysis tab provides detailed information on the call paths leading to the component's vulnerable method(s).
The Summary tab shows detailed information about the component:
Explanation
Component name
Location where defined
Description
The Malware Evidence tab provides detailed information about the detected code evidence.
Clicking on the icon of a component with public vulnerabilities will open a slide with detailed information about the CVE.
Clicking on the icon of a component with malware detected by Xygeni will open a slide with details.