Working with Security Vulnerabilities
Code Insight uses data from the National Vulnerability Database (NVD) and other advisories such as RubySec to report security vulnerabilities associated with your inventory items. The information from these sources is used to create vulnerability rankings and alerts.
The Vulnerabilities bar graph shows the current security-vulnerability counts by severity level for a given inventory item.
The graph is shown on the Analysis Workbench, Project Inventory tab, Inventory View, and Lookup Component Window (for a given component version).
The following sections provide more information about exploring the details for a security vulnerability so that you can better address the vulnerability’s impact on your product code and take remedial action if necessary:
• Understanding Severity Levels for Security Vulnerabilities
• Examining Security Vulnerability Details
• Suppressing/Unsuppressing Security Vulnerabilities