# SCA Risks

## SCA Statistics

The **Open Source** **Risks (SCA)** can be accesed by selecting the SCA option under the [**Risks**](/xygeni-products/application-security-posture-management-aspm/all-risks.md) tab . This tab provides a comprehensive view of all the security issues of the dependencies.

{% hint style="info" %}
You can reach the Open Source **SCA statistics** either by selecting Risk selecting the top-right statistics tab of the SCA page.
{% endhint %}

### Statistics

Secrets' **Statistics** view shows:

* Charts for # of issues by severity, by type and by type & severity
* A table with the issues (as well as a filter for the table)

<figure><img src="/files/gC9Jrc36OYlW56Cg323H" alt=""><figcaption></figcaption></figure>

You can use filters to select specific issues:

* By Funnel Phase (see [Prioritization Funnels](/introduction-to-xygeni/prioritization-funnels.md) )
* By Severity
* By Issue type
* By Dependency type (direct or indirect)
* By Reachability (see [reachability](/introduction-to-xygeni/prioritization-funnels/prioritization-funnels-1/reachability.md))
* By Fixability (see [fixability](/xygeni-products/open-source-security-oss/oss-auto-remediation.md))
* By Project (pattern)
* By Issue status (open, confirmed, muted, etc)
* By Tag

### Public Vulnerabilities (CVEs)

Clicking on the <img src="/files/5FmjwThA0hX07qYzmv8J" alt="" data-size="original"> icon of a component with public **vulnerabilities** will open a **slide** with detailed information about the CVE.

<figure><img src="/files/iZJCubDskcVL79izGZrf" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Vulnerabilities also show information about **Fixability**. Please see [Fixability ](/xygeni-products/open-source-security-oss/oss-auto-remediation.md)for further details.
{% endhint %}

The **Reachability Analysis tab** provides detailed information on the call paths leading to the component's vulnerable method(s).

<figure><img src="/files/gJSQR1y5cExxj1J08YbG" alt="" width="478"><figcaption></figcaption></figure>

{% hint style="info" %}
Please visit the [Reachability](/introduction-to-xygeni/prioritization-funnels/prioritization-funnels-1/reachability.md) documentation for further information.
{% endhint %}

### Malware Early Warny details (MEW)

Clicking on the <img src="/files/5FmjwThA0hX07qYzmv8J" alt="" data-size="original"> icon of a component with **malware detected by Xygeni** will open a **slide** with details.

The **Summary tab** shows detailed information about the component:

* Explanation
* Component name
* Location where defined
* Description

<figure><img src="/files/pIcChiczx3Dv3718uCtL" alt="" width="563"><figcaption></figcaption></figure>

The **Malware Evidence** tab provides detailed information about the detected code evidence.

<figure><img src="/files/buI0gunhHNrKMA19tcUg" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.xygeni.io/xygeni-products/open-source-security-oss/risks-sca.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.