
Search Findings in your Organization

Overview

The Search Findings tool allows you to quickly locate and observe findings in your Applications and Projects within your Organization. The search method you choose depends on whether you focus on a particular library or finding.

Notes:

  • The Search Findings tool shows results for CVEs or library names across the Applications and Projects available in your organization on the Mend AppSec Platform. It does not provide detailed descriptions of all known CVEs or their impacts.

  • The Search Findings tool is available for Dependencies (SCA) and Containers.

Search Dependency Findings

  1. Click Findings on the top-bar menu of the Mend AppSec Platform UI.

  2. From the left menu pane, select Dependencies.

  3. Search for vulnerabilities using the available filters.

    1. Default filters:

      1. Library: Enter at least three characters of the library name, or the full name, to search for matching libraries in your inventory.

      2. Finding Id: Must be complete and case-sensitive (e.g., CVE-2023-1234).

      3. Zero-Day Event: Select an available event from the drop-down list.

      Combine all three to narrow the list down. You can add more filters to narrow the list down even further.

    2. Additional filters:

      1. Severity

      2. Risk Factors

      3. Application

      4. Project

      5. Status

      6. Dependency Type

  4. Click anywhere on the row to open the finding side-panel.

Search Result Columns

The following table provides descriptions for each column displayed in your search results.

| Search Result Fields | Description |
|---|---|
| Library | The name of the library affected by the finding |
| Finding ID | The identifier of the finding in the affected library |
| Severity | The severity level (Critical / High / Medium / Low) |
| Risk Factors | Lists the risk factors applicable to the finding in question (e.g., “Reachable”) |
| Application | The application containing the affected project |
| Project | The name of the project this finding affects |
| Status | Indicates the status of a finding, which can be one of the following: Unreviewed, In Review, Issue Created, Remediated, or Suppressed. For more information on Mend SCA statuses, please check out our Mend SCA statuses documentation. |
| CVSS Score | A numerical value ranging from 0.0 to 10.0 that represents the severity of a finding |
| EPSS Score | Represents the likelihood that the vulnerability will be exploited |
| Type | Denotes whether the dependency is Direct or Transitive |
| Modified | The date of the last modification |
| Detected | The date when this finding was first detected |
| Published | The date when the finding was published |
| CVSS Type | The version of the CVSS standard being used |
| Suppress Reason | Displays the reason provided by the user for suppressing the finding (where applicable) |
| Source File | If you have a source file, it is shown here |

Export your Findings or Create a Report

As a security or compliance user, you may want to export the vulnerability or library search results from the “Findings” page for further analysis, sharing with stakeholders, or storage for auditing purposes.

Two options are available to you at the top-right corner of the screen:

  1. Export: Click to download the data currently displayed on screen in CSV or JSON format.

  2. + Create Report: Click to launch the Dependencies Findings report wizard.


Search Container Findings

  1. Click Findings on the top-bar menu of the Mend AppSec Platform UI.

  2. From the left menu pane, select Containers.

  3. Type a complete Vulnerability Advisory ID or at least three characters of the package name.

  4. Click Export to CSV at the top-right to download the currently displayed data in CSV format.

Search Result Columns

The following table provides descriptions for each column displayed in your search results.

| Search Result Fields | Description |
|---|---|
| Package Name | The name of the package affected by the finding |
| Finding | The identifier of the finding in the affected package |
| Current Version | The current version of the package in your inventory |
| Severity | The severity level (Critical / High / Medium / Low) |
| Score | The severity score (0-10.0) |
| Project | The name of the project this finding affects |
| Application | The application containing the affected project |
| Risk Factors | Lists risk factors applicable for the finding in question (e.g., “Reachable”) |
| Fix | The package version which contains the fix |
| Published | Date when the finding was published |
| Detected | The date when this finding was first detected |
