Vulnerability-Based Alerts
Overview
This page describes the changes that customers encounter when moving from the previous, library-based-only alerting model to the new Security Alerts: View By Vulnerability.
DISCLAIMER: Support for the library-based alerts data model will end on April 4th, 2022.
When migrating from library-based alerting to vulnerability-based alerting, expect the total number of alerts (library and vulnerability) to increase. The three use cases below are the ones that create additional library and/or vulnerability alerts.
The first case is the one-to-many relation between a library and its vulnerabilities. Under library-based alerts, one library with 10 vulnerabilities produces only one library alert. Once migrated to vulnerability-based alerts, that same library produces 10 vulnerability alerts, one per vulnerability, in addition to the library alert.
The second case is scanning the same project several times under different names. The same libraries of the same application then appear in the library inventory once per scan. For example, application ABC is scanned three times, each time under a different project name: ABC, ABC-container and ABC-dev. Each scan adds the same libraries to the inventory again. As in the first case, a single library with 10 vulnerabilities yields 10 vulnerability alerts after the migration; if the application has been scanned three times under different names, it yields 30 vulnerability alerts, one set of 10 for each occurrence of the library.
The third case concerns source files. A single vulnerable library can have several source files associated with it, each with its own SHA-1 hash and path. Under library-based alerts, that library produced only one library alert. Once migrated to vulnerability-based alerts, a vulnerability alert appears for each occurrence of the same vulnerable library in the inventory.
GUI Changes
Reports
The following changes have been implemented to the Reports functionality:
Report | Changes |
---|---|
Alerts Report | Removed, and some of its functionality can be accessed through Security Alerts: View by Vulnerability. |
Ignored Alerts Report | Removed, and some of its functionality can be accessed through Security Alerts: View by Vulnerability. |
Risk Report | The Security panel has undergone name changes in some of its inner panels. |
Alerts Resolution Duration Report | Removed, and the Status column has been incorporated into the Licensing & Compliance Alerts and Security Alerts: View by Vulnerability. NOTE: Bulk actions of ignored/activated will be done only on items on which the action can be executed. |
Miscellaneous | Ignoring an alert is now completed entirely in the same screen, without moving the user to other screens. |
Dashboard
The following changes have been implemented to the dashboards:
Dashboard | Changes |
---|---|
Dashboard in Project/Product pages, Home Dashboard | |
Security Trends | |
Alert Emails
The following changes have been implemented in the status-update emails that report new alerts:
The section titles in email notifications have been changed from Security Library to Library Security Vulnerabilities.
In each Library Security Vulnerabilities section, next to the library name, the total count of security vulnerabilities for the library is displayed.
In each Library Security Vulnerabilities section, each vulnerability is displayed in a separate row along with its reported severity.
Prioritize
Grey shields are removed for displays that focus on vulnerabilities.
Policies
Grey shields (for customers with installations of Prioritize) are removed for displays that focus on vulnerabilities.
Library Details
The name of the Alerts panel has been changed, and its content now contains the Home dashboard categories for a library (those in Policy, Library, and Security).
API Changes
Modified APIs
The following is a list of APIs that have undergone changes if Vulnerability-based Alerting is enabled:
getOrganizationAlerts
getProductAlerts
getProjectAlerts
getOrganizationAlertsByType
getProductAlertsByType
getProjectAlertsByType
getOrganizationIgnoredAlerts
getProductIgnoredAlerts
getProjectIgnoredAlerts
The changes are as follows:
Previously, the alert UUID in the responses was the same for all vulnerabilities related to the same library name. After enabling this feature, the alert UUID is unique per CVE, so every vulnerability of the same library has a different alert UUID. Integrations that deduplicate, track or ignore alerts by UUID should expect one UUID per CVE rather than one per library.
A new element (sourceFiles) has been added to the API response for alerts in which a CVE is related to a source file.
The following fields were added to the responses of getAlerts, getAlertsByProjectTag and getProjectAlertByType in all scopes (project/product/organization):
Modified Date
Alert Status
Comment
New APIs
The following is a list of new APIs that are only available to organizations if Vulnerability-based Alerting is installed:
APIs for generating security alerts reports, detailed by vulnerability
getOrganizationSecurityAlertsByVulnerabilityReport
getProductSecurityAlertsByVulnerabilityReport
getProjectSecurityAlertsByVulnerabilityReport
APIs for generating security alerts reports, detailed by library
getOrganizationSecurityAlertsByLibraryReport
getProductSecurityAlertsByLibraryReport
getProjectSecurityAlertsByLibraryReport
APIs for generating license and compliance alerts reports
getOrganizationLicenseAndComplianceAlertReport
getProductLicenseAndComplianceAlertReport
getProjectLicenseAndComplianceAlertReport
For more details on these API calls, please refer to the API v1.3 documentation: Vulnerability-based Alerts
Removed APIs
Additionally, the following is a list of APIs that are not available to organizations if Vulnerability-based Alerting is installed:
getOrganizationAlertsReport
getProductAlertsReport
getProjectAlertsReport
getOrganizationIgnoredAlertsReport
getProductIgnoredAlertsReport
getProjectIgnoredAlertsReport
getOrganizationResolvedAlertsReport
getProductResolvedAlertsReport
getProjectResolvedAlertsReport
Changes to the modified APIs do not cause backward compatibility issues for existing clients. Note, however, that the report APIs listed under Removed APIs are no longer available once Vulnerability-based Alerting is installed, and that alert UUIDs are now issued per CVE rather than per library (see Modified APIs above).
Unaffected APIs
For the remaining APIs that have not been affected by the transition to Vulnerability-based Alerting, see the following:
NOTE: In case there is a relation between a CVE and a source file, the new sourceFiles element is added to the API response. It lists each related source file with its name, SHA-1, path, last-modified date, size, line count and id, as in the following fragment:
    "sourceFiles": [
        {
            "name": "swagger-ui.min.js",
            "sha1": "0d1935e6d5d00a2c096989f5de2e08d8b2446d96",
            "systemPath": "dist/swagger-ui.min.js",
            "lastModified": "2019-08-28",
            "bytes": 0,
            "numOfLines": 0,
            "id": 6574351
        }
    ]
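The counting rules in the three use cases above (one alert per CVE, multiplied by every occurrence of the library under differently named projects) and the per-CVE alert UUID and sourceFiles changes described under Modified APIs are easier to reconcile with a small script. The following Python is an added example written for this page, not code from the page or from the vendor. It constructs a sample response inline; apart from sourceFiles and its inner fields, which the page shows, the field names it reads (alertUuid, project, library.sha1, vulnerability.name) are assumptions and must be checked against the API v1.3 documentation before use against a real response.

```python
import json
from collections import defaultdict

# Placeholder library/file hashes for the constructed sample (not real artifacts).
LIB_A_SHA1 = "a" * 40
LIB_B_SHA1 = "b" * 40


def _alert(uuid, project, lib_name, lib_sha1, cve, source_files=()):
    """Build one alert record in the assumed response shape (field names are
    assumptions except sourceFiles, which the page documents)."""
    return {
        "alertUuid": uuid,
        "type": "SECURITY_VULNERABILITY",
        "project": project,
        "library": {"name": lib_name, "sha1": lib_sha1},
        "vulnerability": {"name": cve},
        "sourceFiles": list(source_files),
    }


# Constructed sample: application ABC scanned under two project names (ABC, ABC-dev),
# so lib-a and its two CVEs are inventoried twice; lib-b has one CVE tied to two
# source files, carried in the sourceFiles element of that single alert.
SAMPLE_RESPONSE = json.dumps({"alerts": [
    _alert("u1", "ABC", "lib-a", LIB_A_SHA1, "CVE-EXAMPLE-1"),
    _alert("u2", "ABC", "lib-a", LIB_A_SHA1, "CVE-EXAMPLE-2"),
    _alert("u3", "ABC-dev", "lib-a", LIB_A_SHA1, "CVE-EXAMPLE-1"),
    _alert("u4", "ABC-dev", "lib-a", LIB_A_SHA1, "CVE-EXAMPLE-2"),
    _alert("u5", "ABC", "lib-b", LIB_B_SHA1, "CVE-EXAMPLE-3", [
        {"name": "lib-b.min.js", "sha1": "c" * 40, "systemPath": "dist/lib-b.min.js"},
        {"name": "lib-b.js", "sha1": "d" * 40, "systemPath": "src/lib-b.js"},
    ]),
]})

# The same inventory as the old library-based model reported it: every vulnerability
# of one library shares that library's alert UUID.
LEGACY_RESPONSE = json.dumps({"alerts": [
    _alert("u1", "ABC", "lib-a", LIB_A_SHA1, "CVE-EXAMPLE-1"),
    _alert("u1", "ABC", "lib-a", LIB_A_SHA1, "CVE-EXAMPLE-2"),
    _alert("u3", "ABC-dev", "lib-a", LIB_A_SHA1, "CVE-EXAMPLE-1"),
    _alert("u3", "ABC-dev", "lib-a", LIB_A_SHA1, "CVE-EXAMPLE-2"),
    _alert("u5", "ABC", "lib-b", LIB_B_SHA1, "CVE-EXAMPLE-3"),
]})


def parse_alerts(response_text):
    """Return the alert list from a JSON response body."""
    return json.loads(response_text).get("alerts", [])


def uuid_model(alerts):
    """Detect which alerting model a response follows from its UUIDs.

    Vulnerability-based alerting issues a distinct alertUuid per CVE; under the
    library-based model all vulnerabilities of a library shared one UUID, so a
    repeated UUID means the feature is not active for the data being read.
    """
    uuids = [a["alertUuid"] for a in alerts]
    return "vulnerability" if len(uuids) == len(set(uuids)) else "library"


def count_by_model(alerts):
    """Count the alerts as each model would report them, to reconcile totals
    before and after migration."""
    library_occurrences = {(a["project"], a["library"]["sha1"]) for a in alerts}
    return {
        "vulnerability_alerts": len(alerts),
        "library_alerts": len(library_occurrences),
        "distinct_libraries": len({a["library"]["sha1"] for a in alerts}),
        "distinct_cves": len({a["vulnerability"]["name"] for a in alerts}),
    }


def libraries_in_multiple_projects(alerts):
    """Libraries (by SHA-1) that appear under more than one project name: the
    duplicate-scan case that multiplies alert counts after migration."""
    projects = defaultdict(set)
    for a in alerts:
        projects[a["library"]["sha1"]].add(a["project"])
    return {sha1: sorted(p) for sha1, p in projects.items() if len(p) > 1}


def group_by_cve(alerts):
    """Collapse the per-occurrence alerts back to one row per CVE, listing every
    (project, library, source paths) it was raised for."""
    groups = defaultdict(list)
    for a in alerts:
        paths = tuple(sorted(f["systemPath"] for f in a.get("sourceFiles", [])))
        groups[a["vulnerability"]["name"]].append(
            (a["project"], a["library"]["name"], paths))
    return {cve: sorted(rows) for cve, rows in groups.items()}
```

Running count_by_model on the sample gives 5 vulnerability alerts against 3 library alerts for 2 distinct libraries, which is exactly the expansion the use cases describe; libraries_in_multiple_projects points at the duplicate-scan names to clean up, and group_by_cve gives the per-CVE view a triage queue usually wants. uuid_model is the quick check that the data you are reading really follows the new model before you key anything on alertUuid.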