# SCA Risks

## SCA Statistics

The **Open Source** **Risks (SCA)**  can be accesed by selecting the SCA option under the [**Risks**](https://docs.xygeni.io/xygeni-products/application-security-posture-management-aspm/all-risks) tab . This tab provides a comprehensive view of all the security issues of the dependencies.

{% hint style="info" %}
You can reach the Open Source **SCA statistics** either by selecting Risk selecting the top-right statistics tab of the SCA page.
{% endhint %}

### Statistics

Secrets' **Statistics** view shows:

* Charts for # of issues by severity, by type and by type & severity
* A table with the issues (as well as a filter for the table)

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FTIziVJ0ThiapLb4EiPxu%2Fimage.png?alt=media&#x26;token=6f9a78a0-0b82-4a6e-bfe3-38684db04bae" alt=""><figcaption></figcaption></figure>

You can use filters to select specific issues:

* By Funnel Phase (see [Prioritization Funnels](https://docs.xygeni.io/introduction-to-xygeni/prioritization-funnels) )
* By Severity
* By Issue type&#x20;
* By Dependency type (direct or indirect)
* By Reachability (see [reachability](https://docs.xygeni.io/introduction-to-xygeni/prioritization-funnels/prioritization-funnels-1/reachability))
* By Fixability (see [fixability](https://docs.xygeni.io/xygeni-products/open-source-security-oss/oss-auto-remediation))
* By Project (pattern)
* By Issue status (open, confirmed, muted, etc)
* By Tag

### Public Vulnerabilities (CVEs)

Clicking on the <img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FfJnY7f0LqyYzjYdBurPr%2Fimage.png?alt=media&#x26;token=94fdb20a-af33-4b59-80b0-0f9b8c905957" alt="" data-size="original"> icon of a component with public **vulnerabilities** will open a **slide** with detailed information about the CVE.

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FL1A6pmjNl0YfQzlwVFOu%2Fimage.png?alt=media&#x26;token=e4724f6e-bcff-4294-b370-4e59088eceb4" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Vulnerabilities also show information about **Fixability**. Please see [Fixability ](https://docs.xygeni.io/xygeni-products/open-source-security-oss/oss-auto-remediation)for further details.&#x20;
{% endhint %}

The **Reachability Analysis tab** provides detailed information on the call paths leading to the component's vulnerable method(s).

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FkxF5cEW5bUKrqWxS5vSq%2Fimage.png?alt=media&#x26;token=442b8a28-dfe2-4b4c-9731-29934e4cf9d5" alt="" width="478"><figcaption></figcaption></figure>

{% hint style="info" %}
Please visit the [Reachability](https://docs.xygeni.io/introduction-to-xygeni/prioritization-funnels/prioritization-funnels-1/reachability) documentation for further information.&#x20;
{% endhint %}

### Malware Early Warny details (MEW)

Clicking on the <img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FfJnY7f0LqyYzjYdBurPr%2Fimage.png?alt=media&#x26;token=94fdb20a-af33-4b59-80b0-0f9b8c905957" alt="" data-size="original"> icon of a component with **malware detected by Xygeni** will open a **slide** with details.

The **Summary tab** shows detailed information about the component:

* Explanation
* Component name
* Location where defined
* Description

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FznMwaa1FlqVpIthdZxd4%2Fimage.png?alt=media&#x26;token=20a80e1d-7b30-46e9-9e63-3a3d707ebb35" alt="" width="563"><figcaption></figcaption></figure>

The **Malware Evidence** tab provides detailed information about the detected code evidence.

<figure><img src="https://4096647782-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUTz59rJLkJBjiRWAMknU%2Fuploads%2FesOPMKUdFx9zXjoCLXqM%2Fimage.png?alt=media&#x26;token=ebb35f96-4f64-45aa-b3e3-ef2ef4d49374" alt=""><figcaption></figcaption></figure>