Risks (SCA)
Last updated
Last updated
The Open Source Risks (SCA) provides a comprehensive view of all the security issues of the dependencies.
You can reach the Open Source Risks (SCA) page either by selecting Risks (SCA) in the Navigation Bar or selecting the Risks (SCA) tab of any page of the Components section.
Open Source Risks (SCA) page is the same as All Risks but filtered by Open Source category, so please go to All Risks for a full description.
Secrets' Statistics view shows:
Charts for # of issues by severity, by type and by type & severity
A table with the issues (as well as a filter for the table)
You can use filters to select specific issues:
By Funnel Phase (see Prioritization Funnels )
By severity
By issue type
By dependency type (direct or indirect)
By reachability (see reachability)
by fixability (see fixability)
By project (pattern)
By issue status (open, confirmed, muted, etc)
By tag
etc.
Vulnerability Details tab shows detailed information about the CVE.
Vulnerabilities also show information about Fixability. Please see Fixability for further details.
Reachability Analysis tab shows detailed information about the call paths to the vulnerable method(s) of the component.
Please see Reachability for further details.
Summary tab shows detailed information about the component:
Explanation
Component name
Location where defined
Description
Malware evidence tab shows detailed information about the code evidences found:
Clicking on the icon of a component with public vulnerabilities will open a slide with details.
Clicking on the icon of a component with malware detected by Xygeni will open a slide with details.
