Adding a New Vulnerability to a Component Version
Code Insight 6.14.2 SP2
Use the following procedure to manually add a new security vulnerability to the component version—that is, create a vulnerability that has not yet been identified in the Code Insight data library and associate it with the component version. Once the vulnerability is created and associated with the component version, it is added to the data library as a custom vulnerability available for association with other components.
Only users with permission to write to components can perform this task. (See the component.write.access.user.list property in <codeInsightInstallPath>\config\core\core.properties.)
To add a new vulnerability to a component version, do the following:
|
1.
|
Click Research on the Main menu bar. The Research page appears. |
|
2.
|
In the Search field, enter the name of the component for which you wish to add a new vulnerability. |
|
3.
|
Click the magnifying glass icon. |
|
4.
|
Locate the desired component, and click the associated shield icon in the Vulnerabilities column. |
The Version Details dialog for the component opens.
|
5.
|
Locate the component version to which you want to add a vulnerability, and click the shield icon in the Vulnerabilities column to open the Security Vulnerabilities dialog. |
|
6.
|
Click Add New Vulnerability to open the New Vulnerability dialog. |
|
7.
|
Enter the required vulnerability name and description, and select a severity from the Severity pull-down menu. The URL field is optional and can be left blank. |
|
8.
|
Click Save to save the new vulnerability and associate it with the selected component version. |