Viewing Security Vulnerabilities for Inventory in the Analysis Workbench
Code Insight uses data from the National Vulnerability Database (NVD), Secunia advisories (as published by the Secunia Research team from Revenera), and other advisories such as RubySec to report security vulnerabilities associated with your inventory items. The vulnerabilities information from these sources is used to create vulnerability rankings and alerts.
Use this procedure to access details about the security vulnerabilities associated with an inventory item in the Analysis Workbench.
To view security vulnerabilities for an inventory item, do the following:
| 1. | Open the Analysis Workbench for the desired project. (For instructions, see Opening the Analysis Workbench.) |
| 2. | From the Inventory Details tab for a selected inventory item in the Analysis Workbench, locate the Vulnerabilities bar graph. (No graph is displayed if the inventory item has no known associated security vulnerabilities.) |
The severities depicted on the graph differ depending on the CVSS version Code Insight is using (see Working with Security Vulnerabilities). This example shows vulnerability severity counts using CVSS v3.x.
| 3. | Click any of the counts in the graph to open the Security Vulnerabilities window, which lists the current security vulnerabilities for the inventory item. |
Note:Suppressed vulnerabilities are neither reflected in the counts on Vulnerabilities bar graph nor are they visible on Securities Vulnerabilities window.
For more information about vulnerabilities, see Working with Security Vulnerabilities.
| 4. | When you have finished viewing the reported vulnerabilities, click OK to return to the Inventory Items list. |