Working with Security Vulnerabilities

Code Insight uses data from the National Vulnerability Database (NVD) and other advisories such as RubySec to report security vulnerabilities associated with your inventory items. The information from these sources is used to create vulnerability rankings and alerts.

The Vulnerabilities bar graph shows the current security-vulnerability counts by severity level for a given inventory item or component version.

The graph is shown in the Inventory Details interface for a given inventory item in the Analysis Workbench or on the Project Inventory tab (if the item has known vulnerabilities). It is also displayed for individual inventory items listed in the Inventory View or for a given component version in the Lookup Component Window.

The following sections provide more information about exploring the details for a security vulnerability so that you can better address the vulnerability’s impact on your product code and take remedial action if necessary:

Understanding Severity Levels for Security Vulnerabilities
Examining Security Vulnerability Details
Analyzing, Suppressing, or Unsuppressing a Security Vulnerability at the Project Level
Suppressing or Unsuppressing a Security Vulnerability at the Global Level