Adding an Existing Vulnerability to a Component Version

Code Insight 6.14.2 SP2

Use the following procedure to manually add an existing security vulnerability to a component version—that is, add a vulnerability already identified in the Code Insight data library but currently not associated with the component version. Once added, this vulnerability is considered a custom vulnerability for the component.

Only users with permission to write to components can perform this task. (See the component.write.access.user.list property in <codeInsightInstallPath>\config\core\core.properties.)

To add an existing vulnerability to a component version, do the following:

1. Click Research on the Main menu bar. The Research page appears.
2. In the Search field, enter the name of the component for which you wish to add the vulnerability.
3. Click the magnifying glass icon.
4. Locate the desired component, and click the associated shield icon in the Vulnerabilities column.

The Version Details dialog for the component opens.

5. Locate the component version to which you want to add a vulnerability, and click the shield icon in the Vulnerabilities column to open the Security Vulnerabilities dialog.
6. Click Associate Vulnerability to open the Associate Vulnerability dialog.
7. In the Search for Vulnerability Name field, enter the exact name of the existing vulnerability you want to add.

8. Click the magnifying glass icon.

If you entered a vulnerability name that exists in the Code Insight data library, the vulnerability and its details are listed. (Click the plus icon to the left of the vulnerability to show its description.)

If you entered a vulnerability name that does not exist in the Code Insight data library, no results are listed. Make sure you have entered the exact vulnerability name and try again. If you continue to see no results, you have the option to create a new vulnerability and associate it with the component version. For details, see the next section, Adding a New Vulnerability to a Component Version.

9. If the security vulnerability displayed is the desired vulnerability, select it and click Associate to add it to the component version.