Viewing Security Vulnerabilities for Project Inventory

Code Insight uses data from the National Vulnerability Database (NVD), Secunia advisories (as published by the Secunia Research team from Revenera), and other advisories such as RubySec to report security vulnerabilities associated with your inventory items. The vulnerability information from these sources is used to create vulnerability rankings and alerts.

Use this procedure to access details for the vulnerabilities associated with an inventory item on the Project Inventory tab.

To view security vulnerabilities for an inventory item, do the following:

1. Open the Project Inventory tab for the desired project (see Displaying Project Inventory).
2. Click a published inventory item from the Inventory Items list. The Project Inventory Details Pane on the right opens to the Inventory Details tab.

If known security vulnerabilities exist for the inventory item, the Vulnerabilities bar graph is displayed:

The severity levels depicted in the graph differ depending on the version of CVSS that Code Insight is using (see Security Vulnerabilities Associated with Inventory). This example shows vulnerability severity counts using CVSS v3.x.

3. Click any of the counts in the graph to open the Security Vulnerabilities window, which lists current security vulnerabilities for the inventory item.

Note: Suppressed vulnerabilities are neither reflected in the counts on the Vulnerabilities bar graph nor visible in the Security Vulnerabilities window.

For more information about how to use this dialog to obtain details about the vulnerabilities, see Working with Security Vulnerabilities.

4. When you have finished viewing the reported vulnerabilities, click OK to return to the Inventory Items list.