Managing Security Vulnerability Alerts
Code Insight provides the ability to view and clear security vulnerability alerts. When the Electronic Update or Library Refresh process is run, it generates these alerts for any new security vulnerabilities that are associated with inventory. The alerts allow you to investigate the most recent vulnerabilities and their effect on your project code, if any. Once you have addressed a vulnerability's impact, either by determining that the vulnerability poses no threat to your application or by performing the required remediation to remove the threat, you can close the alert.
Note: An alert can be automatically closed when its associated security vulnerability is manually suppressed by a Code Insight System Administrator. See Suppressing/Unsuppressing Security Vulnerabilities for more information.
When the Electronic Update or Library Refresh generates security vulnerability alerts, an email notification is sent to the Project Contact of each project containing inventory impacted by the alerts. Additionally, remediation tasks can be automatically created for any affected inventory that is subsequently rejected, as dictated by a project’s policy profile and remediation options (see Updating Inventory Review and Remediation Settings for a Project).
Users can view the alerts for a given project from the Inventory Details pane in the Analysis Workbench or from the Project Inventory tab (and from the Inventory view).
Refer to these topics for more information:
• Accessing Security Vulnerability Alerts
• Using the Alerts Dialog to Manage Alerts