Ability to Associate Existing Vulnerabilities with Component Versions
Previously, the Code Insight Web UI allowed users to create a security vulnerability that had not yet been identified in the Code Insight data library and associate it with a component version. In this release, users can now associate an existing security vulnerability with the component version—that is, a vulnerability already identified in the Code Insight data library but currently not associated with the component version.
The user can also disassociate such a vulnerability from the component version, just as they were able to do previously for any new vulnerabilities they created and added to the version.
Additionally, new REST APIs are available to associate an existing security vulnerability with an existing component version and to disassociate a custom vulnerability from a component version. (See New REST APIs.)
Note that only users with permission to write to components can manually add new or existing security vulnerabilities to a component version and disassociate any of these vulnerabilities from the version (as controlled by the component.write.access.user.list property in <codeInsightInstallPath>\config\core\core.properties).