Searching All Projects for a Security Vulnerability Advisory

Code Insight 2021 R1

You might find it sometimes necessary to quickly see how a specific security vulnerability impacts your organization. You can search the system for a security vulnerability or advisory in one of the following ways:

If you know the exact ID of the security vulnerability or advisory—Use the Security Vulnerability search filter with the exact security vulnerability ID as the search criterion, as described in this section.
If you do not know the ID of the security vulnerability or advisory—Use the Project Inventory search filter to provide the name of the vulnerable component as the search criterion. See Searching All Projects for Inventory Based on a Specific Component and Version for details.

Note:A vulnerability or advisory might not have an ID, for example, in the case of a zero-day vulnerability for which an ID has not been published.

Search Rules

When you use the Security Vulnerability search filter to search projects associated with a specific security vulnerability, the following rules apply:

Only one vulnerability ID can be specified as a search criterion.
Only exact matches of the full vulnerability ID string are supported. Partial strings are not supported.
The string you enter does not support spaces.
Only published inventory items are searched.
The search does not validate the vulnerability ID you enter. If you enter an invalid ID, no results are returned in the Projects pane.

Searching for a Security Vulnerability

Use this procedure to locate projects by the exact security vulnerability ID you specify.

To search for projects affected by a specific security vulnerability, do the following:

1. Navigate to the Projects view. (See Opening the Projects View if additional instructions are needed.)
2. At the top of the Projects pane, select Security Vulnerability from search dropdown on the left.
3. In the Enter Vulnerability ID field, specify the complete ID of the vulnerability (for example, CVE-2018-11776 for an NVD vulnerability).
4. Press Enter. The list of projects changes to reflect the search results, and a filtered count (for example, “(19 of 123)”) is also provided in the header on the Project pane to show the number of projects returned by the search.

If no inventory items meet the specified criterion, the Projects pane shows “No Projects”.

5. Open one of the projects to see a filtered list of inventory items that are impacted by the security vulnerability. (See Opening a Project for details.)