
Search Findings in your Organization

Overview

The Search Findings tool allows you to quickly locate and observe vulnerabilities in your Applications and Projects within your Organization. The search method you choose depends on whether you focus on a particular library or vulnerability.

Notes:

  • Search Findings shows results for CVEs or library names across the Applications or Projects available in your organization on the Mend Platform. It does not provide detailed descriptions of all known CVEs or their impacts.

  • The Search Findings tool is currently available only for Dependencies (SCA).

Getting it done

There are two ways you can use the Search Findings tool:

  • Searching by a specific library name effectively identifies various CVE vulnerabilities associated with that library across different Applications or Projects.

  • Searching by the CVE identifier allows you to list different libraries affected by the same CVE across your Application or Projects.

Search by Library Name

  1. Click on the Findings tab within your Organization.

  2. Enter at least three characters of the library name, or its full name, to search for matching libraries in your scanned projects.

  3. Click on the library name to open the Library Summary Page.


Search by CVE Identifier

  1. Click on the Findings tab within your Organization.

  2. Enter the full CVE identifier to search your projects for matching CVEs.

  3. Click on the library name to open the Library Summary page.


The Library Summary Page

The Library Summary Page offers a comprehensive overview of vulnerabilities associated with a specific library, detailing their severity and identification. In this section, we will focus on the Vulnerabilities List, which details all identified vulnerabilities tied to the library.
Each Vulnerability entry includes:

  • Severity Rating: Vulnerabilities are categorized by severity (e.g., High, Medium, Low) to aid in prioritizing response efforts.

  • CVE Identifier: Provides standardized references for each issue, facilitating access to detailed reports and mitigation strategies.

  • CVSS Scores: Each vulnerability is accompanied by a Common Vulnerability Scoring System (CVSS) score, quantifying its severity based on factors like exploitability and impact.

  • Publication and Modification Dates: Tags each entry with its publication and last modification dates, helping track the timeliness and relevance of the information.

  • Vulnerability Details: For selected vulnerabilities, detailed descriptions are offered, including how the vulnerability occurs, its potential impacts, and the resolution steps taken.


In subsequent sections, five additional areas provide a complete picture of this specific vulnerability.

These sections include:

  1. Threat Assessment: Evaluates the risk and potential impact of software vulnerabilities, providing a comprehensive overview of how threats could affect your systems. This section includes Exploit Maturity ranges and an EPSS (Exploit Prediction Scoring System) score.

  2. CVSS 3 - Base Score Metrics: Provides a standardized method to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

  3. References: Offers links to more information about this vulnerability (in the example shown, on git.kernel.org).

  4. Additional Vulnerable Libraries: Lists other libraries in this project that share this vulnerability.

  5. Proposed Fixes: Fixes available for the identified vulnerability.


Search Result Fields

The following list describes each field displayed in your search results.

  • Library: The name of the library affected by the vulnerability. Note: Clicking the name opens the Library page.

  • Vulnerability: The identifier of the vulnerability in the affected library.

  • Severity: The options here are Critical, High, Medium, and Low.

  • Project: The name of the project this vulnerability affects. Note: Clicking the name opens the project summary page.

  • Application: The Application containing the library and vulnerability.

  • Source File: If a source file is associated with the finding, it is shown here.

  • Dependency: Indicates whether the library is a direct or a transitive dependency.

  • Score: The CVSS score, a numerical value from 0.0 to 10.0 that represents the severity of the vulnerability.

  • Score Type: The CVSS type, i.e. the version of the CVSS standard used to produce the score.

  • Reachable: Indicates whether the vulnerability in the library is reachable within the code. Note: for more information on reachability, see our SCA Reachability article.

  • Recommended Fix: The recommended fix for this issue.

  • Status: The status of the finding: active or not.

  • Comments: Comments on the CVE / library.

  • Last Modified By: The admin/user who submitted the last modification.

  • Modified: The date of the last modification.

  • Detected: The date when this vulnerability was first detected.

  • Integration: The integration currently active for this library.

  • Published: The date when the project/application was first published.

  • Risk ID: The internal security ID used for organizational tracking.
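As an added example, not part of this documentation and not Mend's API or export format, the two search modes from "Getting it done" (library name with a three-character minimum, full CVE identifier) are applied offline to records shaped like the fields above, ordered for triage by reachability, severity, score and dependency type. The Finding record, the library names and the placeholder CVE IDs are assumptions.

```python
# Offline triage over findings records shaped like the Search Result Fields list.
# Constructed sample data; this is not Mend's API or export format (assumption).
import re
from dataclasses import dataclass

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")  # the search expects the full identifier

@dataclass(frozen=True)
class Finding:
    library: str
    vulnerability: str  # CVE identifier (placeholder IDs in the sample below)
    severity: str       # Critical, High, Medium or Low
    project: str
    application: str
    dependency: str     # "Direct" or "Transitive"
    score: float        # CVSS base score, 0.0 to 10.0
    reachable: bool

def triage_key(f: Finding):
    """Most urgent first: reachable, then severity, then score, then direct deps."""
    return (f.reachable, SEVERITY_RANK.get(f.severity, 0), f.score, f.dependency == "Direct")

def search_by_library(findings, query: str):
    """Library search: >= 3 characters, case-insensitive substring, triage order."""
    q = query.strip().lower()
    if len(q) < 3:
        return []  # too short to search, as the tool itself requires
    return sorted((f for f in findings if q in f.library.lower()),
                  key=triage_key, reverse=True)

def search_by_cve(findings, cve_id: str):
    """CVE search: exact match on a full identifier, one row per library/project."""
    cve = cve_id.strip().upper()
    if not CVE_ID.match(cve):
        raise ValueError(f"not a full CVE identifier: {cve_id!r}")
    rows = {(f.library, f.project, f.application, f.dependency)
            for f in findings if f.vulnerability == cve}
    return sorted(rows)

# Constructed sample findings with placeholder CVE IDs (not real vulnerabilities).
FINDINGS = [
    Finding("example-logger", "CVE-0000-0001", "Critical", "billing", "web-shop", "Direct", 9.8, True),
    Finding("example-logger", "CVE-0000-0002", "High", "billing", "web-shop", "Direct", 7.5, False),
    Finding("example-logger", "CVE-0000-0001", "Critical", "reports", "analytics", "Transitive", 9.8, False),
    Finding("example-parser", "CVE-0000-0001", "Critical", "reports", "analytics", "Transitive", 9.8, False),
    Finding("example-parser", "CVE-0000-0003", "Medium", "billing", "web-shop", "Transitive", 5.3, True),
]
```

A reachable finding in a direct dependency sorts ahead of an unreachable one with the same score, which is the order a triage queue should be worked in.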
