Viewing Security Vulnerabilities for Project Inventory

Code Insight 2021 R1

Code Insight uses data from the National Vulnerability Database (NVD), Secunia advisories (as published by the Secunia Research team from Revenera), and other advisories such as RubySec to report security vulnerabilities associated with your inventory items. The vulnerabilities information from these sources is used to create vulnerability rankings and alerts.

Use this procedure to access details for the vulnerabilities associated with an inventory item on the Project Inventory tab.

To view security vulnerabilities for an inventory item, do the following:

1.

Open the Project Inventory tab for the desired project (see Displaying Project Inventory).

2.

Click a published inventory item from the Inventory Items list.

3.

Select the Component Details tab. If known security vulnerabilities exist for the inventory item, the Vulnerabilities graph is displayed:

The severity levels depicted in the graph differ depending on the version of CVSS Code Insight is using (see Security Vulnerabilities Associated with Inventory). This example shows vulnerability severity counts using CVSS v3.x.

4.

Click any of the counts in the graph to open the Security Vulnerabilities dialog, which list current security vulnerabilities for the inventory item.

For more information about how to use this dialog to obtain details about the vulnerabilities, see Security Vulnerabilities Associated with Inventory.

5.

When you have finished viewing the reported vulnerabilities, click OK to return to the Inventory Items list.