Security Vulnerabilities Associated with Inventory

Code Insight uses data from the National Vulnerability Database (NVD) and other advisories such as RubySec to report security vulnerabilities associated with your inventory items. The information from these sources is used to create vulnerability rankings and alerts.

The Vulnerabilities bar graph shows the current security-vulnerability counts by severity level for a given inventory item listed in the Analysis Workbench and on the Project Inventory tab (and in other locations):

For more information about how to explore the security vulnerabilities associated with inventory, see Working with Security Vulnerabilities. This same section also describes how to suppress a vulnerability in your Code Insight instance if, for example, you have taken steps to protect your code against the vulnerability or if the vulnerability proves to be a “false positive”.