Searching for Projects That Include Inventory Impacted by a Specific Security Vulnerability

You might find it sometimes necessary to see how a specific security vulnerability impacts your organization. You can do this quickly by searching for all projects that include one or more inventory items impacted by the security vulnerability or advisory. The search returns a filtered list of projects; and, when a project in the list is opened, its inventory is also filtered by the search criterion.

Perform the search in one of the following ways:

•

If you know the exact ID of the security vulnerability or advisory—Use the Security Vulnerability search filter with the exact security vulnerability ID as the search criterion, as described in this section.

•

If you do not know the ID of the security vulnerability or advisory—Use the Project Inventory search filter to provide the name of the vulnerable component as the search criterion. See Searching for Projects That Include Inventory Based on a Specific Component or Component Version for details.

Note:A vulnerability or advisory might not have an ID, for example, in the case of a zero-day vulnerability for which an ID has not been published.

Rules When Performing This Search

When you use the Security Vulnerability search filter to search for those projects that include inventory impacted by a specific security vulnerability, the following rules apply:

•

Only one vulnerability ID can be specified as a search criterion.

•

Only exact matches of the full vulnerability ID string are supported. Partial strings are not supported.

•

The string you enter does not support spaces.

•

Only published inventory items are searched.

•

The search ignores inventory associated with a component version for which the vulnerability has been suppressed.

•

The search does not validate the vulnerability ID you enter. If you enter an invalid ID, no results are returned in the Projects pane.

How to Perform This Search

Use this procedure to locate projects that include inventory impacted by the exact security vulnerability ID you specify.

To search for projects with inventory impacted by a specific security vulnerability, do the following:

1.

Navigate to the Projects view. (See Opening the Projects View if additional instructions are needed.)

2.

At the top of the Projects pane, select Security Vulnerability from search dropdown list on the left.

3.

In the Enter Vulnerability ID field, specify the complete ID of the vulnerability (for example, CVE-2018-11776 for an NVD vulnerability).

4.

Press Enter. The list of projects changes to reflect the search results, and a filtered count (for example, “(19 of 123)”) is also provided in the header on the Projects pane to show the number of projects returned by the search.

If no inventory items meet the specified criterion, the Projects pane shows “No Projects”.

5.

Open one of the projects to see a filtered list of inventory items that are impacted by the security vulnerability. (See Opening a Project for details.)