Details Shown for Each Security Vulnerability Alert

The following columns are used describe each security vulnerability alert listed in the Alerts dialog for the given inventory item. To filter the list of alerts, see Filtering Alerts.

Alert Details

Column

Description

Type

The type of security vulnerability alert. Currently, only New Vulnerability alerts are available.

Date

The date that the alert was generated.

Priority

The priority of the alert, which, by default, is based on the official severity level of the security vulnerability associated with the alert, as described here:

•

High—The default when the vulnerability severity level is Critical, High, or None in the CVSS v3.x scoring system or, in the CVSS v2.0 scoring system, High or Unknown.

•

Medium—The default when the severity level is Medium in either scoring system.

•

Low—The default when the severity level is Low in either scoring system.

You can change this value as needed. See Changing the Priority of a Security Vulnerability Alert.

For more information about the severity levels for security vulnerabilities, see Understanding Severity Levels for Security Vulnerabilities.

Status

The status of the alert in Code Insight:

•

Open—The alert needs to be addressed.

•

Closed—The alert has been addressed (usually because remediation was performed or it was determined to be a false positive for your code or the security vulnerability was suppressed). Hover over the

icon to see who closed the alert and when.

Change this value as needed. See Changing the Status of a Security Vulnerability Alert.

Details

Details about the security vulnerability:

•

Source—The advisory database in which the Code Insight located the vulnerability, such as NVD (National Vulnerability Database), Secunia (Secunia Advisories), Debian Advisories, or others.

•

ID—The identification number of the vulnerability associated with the Common Vulnerabilities and Exposures (CVE). If this is a hyperlinked value, click it to go to the actual entry for the vulnerability on the advisory website.

•

CVSS Score—The score of the vulnerability based on the Common Vulnerability Scoring System (CVSS). The values of the CVSS score range from 0.1 to 10, with 10 being the most serious. If the vulnerability has no score, the value is N/A.

•

Description—The description of the vulnerability as found in the advisory database.

Also see Security Vulnerabilities Associated with Inventory.

Filtering Alerts

Use the following procedure to change the view of the list of security vulnerability alerts on the Alerts dialog.

To filter the list of alerts, do the following:

Locate the dropdown list at the top of the Alerts dialog:

Select one of the following options from the list:

•

Show Open Alerts—Display only open alerts.

•

Show Closed Alerts—Display only closed alerts.

•

Show All Alerts—Display both closed and open alerts. This option will only be available if more than one alert is available.