Security Alerts: View by Library
Overview
The Security Alerts: View By Library screen enables you to review all vulnerability-based alerts that are associated with a specific library. Additionally, you can review vulnerability statistics for a selected library (meaning the number of reported vulnerabilities and ignored alerts) and ignore and activate (restore) a selection of vulnerability alerts associated with a library.
Accessing the Security Alerts: View By Library Screen
To access the Security Alerts: View By Library screen, do as follows:
From the menu bar, select Alerts > Security Alerts - View By Library. The Security Alerts - View By Library screen is displayed.
Generating the Alerts List
Refer here for details.
Note:
The counter(
Table Components
Column | Description |
|---|---|
Library | Library name where a CVE was found |
Product | The product where the vulnerability's library was found |
Project | The project where the vulnerability's library is found |
Severity | (Critical, High, Medium, Low) The highest-severity vulnerability accompanied by the number of times that vulnerabilities of this severity are found in this library |
Total Alerts | The total number for all vulnerability alerts reported for the library (Activated and Ignored) |
Dependency | "Transitive" or "Direct" depending on whether the vulnerable library is transitive or direct. Note: Clicking on a Dependency value displays its dependency types. Clicking “Transitive” displays a pop-up that displays the direct dependencies. Clicking “Direct” redirects you to the Library page in the project. |
Ignored Alerts | The number of library-related vulnerability alerts marked as ignored (will be empty if there are no ignored alerts) |
Library Type | Java, source library, etc. |
Creation Date | The date when the alert was created |
Modified Date | The date when the alert was modified |
Additional Actions
To ignore all the security alerts related to a library's vulnerabilities, check the library's row (checkbox on the left) and select Action > Ignore.
To activate all the security alerts related to a library's vulnerabilities, filter the table for ignored library alerts, then check the alert's row (checkbox on the left) and select Action > Activate. The alert will no longer appear in the ignored alerts list and will appear instead in the list of reactivated alerts.
Notes:
The actions of ignoring and activating alerts are saved to the Change Log History Report. This report can be used to filter and monitor these actions, and to view who performed them and when, and which informative comments those users might have added.
Note that while you perform the action on the library, the application actually performs the action on the vulnerability alerts. If you selected a library with multiple vulnerabilities, the Change Log History Report will display a separate row for each vulnerability alerts.
To export an alert to Excel, XML, and JSON format, check the alert's row (checkbox on the left), select Action > Export, and select your desired format.
Additional Options
To view information for a specific vulnerability's library, in Library, select the library. The Library Details page is displayed. This page displays relevant information regarding the library such as vulnerability trends, copyright information, and library vulnerabilities.
To view information for a specific library's related product or project, in the Product or Project column, click the relevant product or project. The relevant Home screen for that product or project is displayed with a variety of dashboard options, including security alerts, license analysis, and vulnerability analysis.
To view severity details, click Details in that vulnerability's column. The Library Security Vulnerabilities screen is displayed, displaying relevant information for all active vulnerabilities in the library, such as vulnerability ID, CVSS scores, etc.