Viewing Security Vulnerabilities for Inventory in the Analysis Workbench

Code Insight 2021 R1

Code Insight uses data from the National Vulnerability Database (NVD), Secunia advisories (as published by the Secunia Research team from Revenera), and other advisories such as RubySec to report security vulnerabilities associated with your inventory items. The vulnerabilities information from these sources is used to create vulnerability rankings and alerts.

Use this procedure to access details about the security vulnerabilities associated with an inventory item in the Analysis Workbench.

To view security vulnerabilities for an inventory item, do the following:

1.

Open the Analysis Workbench for the desired project. (For instructions, see Opening the Analysis Workbench.)

2.

From the Inventory Details tab for a selected inventory item in the Analysis Workbench, locate the Vulnerabilities graph. (No graph is displayed if the inventory item has no known associated security vulnerabilities.)

The severities depicted on the graph differ depending on the CVSS version Code Insight is using (Security Vulnerabilities Associated with Inventory). This example shows vulnerability severity counts using CVSS v3.x.

3.

Click any of the counts in the graph to open the Security Vulnerabilities dialog, which lists the current security vulnerabilities for the inventory item.

For more information about how to use this dialog to obtain details about the vulnerabilities, see Security Vulnerabilities Associated with Inventory.

4.

When you have finished viewing the reported vulnerabilities, click OK to return to the Inventory Items list.