The Dependencies Tables
Overview
When reviewing an application or project’s Dependencies in the Mend AppSec Platform, you will find 3 tables which list all the libraries and findings of the application/project:
Direct Libraries - lists only direct dependencies in the application/project, without transitive ones.
Libraries - lists both direct and transitive dependencies, filterable by Type.
Findings - lists the vulnerabilities in the application/project. Filterable by vulnerabilities in direct vs. transitive dependencies.
Direct Libraries
When it comes to evaluating and mitigating risk in an application or project, you may want to focus on direct dependencies, as fixing those will often eliminate the risk present in their transitive dependencies as well.

Each line in the Direct Libraries table represents a direct dependency in your application/project and is equipped with an Actions (“kebab”) menu at the right edge of the screen, enabling you to perform several actions:
Create Issue - allows you to create a Jira issue. Requires an active connection to your Jira.
Suppress - allows you to suppress all the findings detected for the library in question.
While suppressing the findings, it is recommended to add a Suppress reason. This information will be visible in the VEX section of the CycloneDX SBOM report.

You can opt for one of the pre-defined Suppress reasons. Opting for “Other” enables you to add a free-text comment, which will be visible under the Comment column. This column is not displayed by default and should be added to the table using the Columns menu at the right edge of the table.

Unsuppress - allows you to undo a suppression. Only available for suppressed libraries.
Bulk Actions - Both Suppress and Unsuppress are supported as bulk actions. To perform a bulk action, multi-select the libraries you wish to perform the action on and then click the Actions button located above the top right corner of the table.

Libraries
The Libraries tab lists both direct and transitive dependencies.
The Direct Name column specifies the direct library of a transitive dependency.
Note that you can use the Type column’s filter to list only direct dependencies, only transitive dependencies, or dependencies that are both direct and transitive.

Note: The Actions menu in the Libraries table allows you to suppress and unsuppress findings, but does not contain the option to create a Jira issue.
Findings
When reviewing an application or project’s dependencies in the Mend AppSec Platform, you will often want to switch to the Findings tab, to see all the detected findings in a table. This is called the Findings Table.

The Findings Table
You can select which columns to display in the table using the Columns menu on the right.

Each finding is displayed in a separate line. Clicking the value in each column will reveal additional information pertaining to that column.
For example:
Clicking the Project value will take you to the Project Summary page of the project containing the relevant finding.
Clicking the finding itself (the CVE) will spawn a side-panel containing additional information about the finding.
Note: The Actions menu in the Findings table allows you to suppress and unsuppress findings, but does not contain the option to create a Jira issue.
The Finding Side-Panel
Clicking the CVE itself will spawn a side-panel on the right, containing 3 tabs: Overview, Remediation, Risk.
The Overview Tab
The Overview tab is the default tab for a finding. It contains detailed information about the CVE, grouped into four collapsible sections: Security Overview, CVE Information, CVSS Score and References.

The Overview tab (all sections collapsed)

The Overview tab - Security Overview and CVE Information

The Overview tab - CVSS Score and References
The Remediation Tab
The Remediation tab contains information about the Recommended Fix, often in the form of an upgrade path for the vulnerable library in question.

The Risk Tab
The Risk tab contains information about Risk factors such as exploitability.

Suppress a Finding
The Suppress and Unsuppress actions available from the Actions menu in the Findings table are also available in the finding side-panel.

While suppressing a finding, it is recommended to add a Suppress reason.

You can opt for one of the pre-defined Suppress reasons. Opting for “Other” enables you to add a comment, which will be visible under the Comment column. This column is not displayed by default and should be added to the table using the Columns menu at the right edge of the table.

Note: The Suppress reason will be visible in the VEX section of the CycloneDX SBOM report.
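
Because the Suppress reason ends up in the VEX section of the CycloneDX SBOM report (see also the Direct Libraries section above), an exported report can be checked for suppressions that carry no reason. The following is an added example, not Mend code: it uses the standard CycloneDX JSON fields (vulnerabilities[].analysis, dependencies[].dependsOn), the sample document and its CVE ids are constructed, and treating the states not_affected and false_positive as "suppressed" is an assumption about how a suppression appears in the export.

```python
import json

# Constructed sample in CycloneDX JSON layout; not a real Mend export.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "metadata": {"component": {"bom-ref": "app", "name": "demo-app"}},
  "dependencies": [
    {"ref": "app", "dependsOn": ["lib-a", "lib-c"]},
    {"ref": "lib-a", "dependsOn": ["lib-b"]}
  ],
  "vulnerabilities": [
    {"id": "CVE-0000-0001", "affects": [{"ref": "lib-a"}],
     "analysis": {"state": "not_affected", "justification": "code_not_reachable"}},
    {"id": "CVE-0000-0002", "affects": [{"ref": "lib-b"}],
     "analysis": {"state": "not_affected"}},
    {"id": "CVE-0000-0003", "affects": [{"ref": "lib-c"}],
     "analysis": {"state": "false_positive", "detail": "Vendored copy is patched"}},
    {"id": "CVE-0000-0004", "affects": [{"ref": "lib-b"}]}
  ]
}
""")

# Assumption: a suppressed finding is exported with one of these analysis states.
SUPPRESSED_STATES = {"not_affected", "false_positive"}

def audit_suppressions(sbom):
    """Return one row per suppressed (vulnerability, affected component) pair."""
    root = sbom.get("metadata", {}).get("component", {}).get("bom-ref")
    direct = set()  # bom-refs the root application depends on directly
    for dep in sbom.get("dependencies", []):
        if dep.get("ref") == root:
            direct.update(dep.get("dependsOn", []))
    rows = []
    for vuln in sbom.get("vulnerabilities", []):
        analysis = vuln.get("analysis") or {}
        if analysis.get("state") not in SUPPRESSED_STATES:
            continue  # open finding: nothing to audit
        has_reason = bool(analysis.get("justification") or analysis.get("detail"))
        for target in vuln.get("affects", []):
            ref = target.get("ref")
            rows.append({"id": vuln.get("id"), "ref": ref,
                         "type": "direct" if ref in direct else "transitive",
                         "has_reason": has_reason})
    return rows

def missing_reasons(sbom):
    """Suppressed findings whose VEX entry has neither justification nor detail."""
    return [row for row in audit_suppressions(sbom) if not row["has_reason"]]
```

Running missing_reasons() over each exported report in CI gives a list of suppressions that should be revisited in the Findings table and given a Suppress reason.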