
The Dependencies Tables

Overview

When reviewing an application or project’s Dependencies in the Mend AppSec Platform, you will find three tables that list the libraries and findings of the application/project:

Direct Libraries - lists only direct dependencies in the application/project, without transitive ones.

Libraries - lists both direct and transitive dependencies, filterable by Type.

Findings - lists the vulnerabilities in the application/project. Filterable by vulnerabilities in direct vs. transitive dependencies.

Direct Libraries

When evaluating and mitigating risk in an application or project, you may want to focus on direct dependencies first: upgrading a direct dependency usually pulls in newer versions of its transitive dependencies, so fixing the direct library will often eliminate the risk present in its transitive dependencies as well.

image-20250506-074116.png

Each line in the Direct Libraries table represents a direct dependency in your application/project and is equipped with an Actions (“kebab”) menu at the right edge of the screen, enabling you to perform several actions:

Create Issue - allows you to create a Jira issue. Requires an active connection to your Jira.

Suppress - allows you to suppress all the findings detected for the library in question. Because this suppresses every finding on the library rather than a single CVE, it is recommended to add a Suppress reason when suppressing. This information will be visible in the VEX section of the CycloneDX SBOM report.

image-20250506-075150.png

You can opt for one of the pre-defined Suppress reasons. Opting for “Other” enables you to add a free-text comment, which will be visible under the Comment column. This column is not displayed by default and should be added to the table using the Columns menu at the right edge of the table.

image-20250506-085911.png

Unsuppress - allows you to undo a suppression. Only available for suppressed libraries.

Bulk Actions - Both Suppress and Unsuppress are supported as bulk actions. To perform a bulk action, multi-select the libraries you wish to perform the action on and then click the Actions button located above the top right corner of the table.

image-20250506-084232.png

Libraries

The Libraries tab lists both direct and transitive dependencies.

The Direct Name column specifies the direct library through which a transitive dependency is pulled into the application/project.

Note that you can use the Type column’s filter to list only direct dependencies, only transitive dependencies, or dependencies that are both direct and transitive.
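The Type and Direct Name columns can be reproduced from the dependency graph of a CycloneDX SBOM. The following is an added example, not code from the page or from Mend: it walks the `dependencies` section of a constructed CycloneDX 1.5 document, treats everything the root application component `dependsOn` as direct, everything reachable below a direct library as transitive, and reports which direct libraries pull each transitive one in. The sample SBOM and the function names are assumptions for illustration.

```python
"""Derive the Type (direct / transitive / both) and Direct Name of each
library from a CycloneDX SBOM's dependency graph."""
import json
from collections import deque

# Constructed CycloneDX 1.5 document (not a Mend export). The application
# depends directly on express, lodash and qs; express pulls in body-parser
# and qs, and body-parser pulls in qs again, so qs is both direct and transitive.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": "app", "type": "application", "name": "demo-app"}},
    "components": [
        {"bom-ref": "pkg:npm/express@4.18.2", "type": "library", "name": "express", "version": "4.18.2"},
        {"bom-ref": "pkg:npm/lodash@4.17.21", "type": "library", "name": "lodash", "version": "4.17.21"},
        {"bom-ref": "pkg:npm/qs@6.11.0", "type": "library", "name": "qs", "version": "6.11.0"},
        {"bom-ref": "pkg:npm/body-parser@1.20.1", "type": "library", "name": "body-parser", "version": "1.20.1"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:npm/express@4.18.2", "pkg:npm/lodash@4.17.21", "pkg:npm/qs@6.11.0"]},
        {"ref": "pkg:npm/express@4.18.2", "dependsOn": ["pkg:npm/body-parser@1.20.1", "pkg:npm/qs@6.11.0"]},
        {"ref": "pkg:npm/body-parser@1.20.1", "dependsOn": ["pkg:npm/qs@6.11.0"]},
        {"ref": "pkg:npm/lodash@4.17.21", "dependsOn": []},
        {"ref": "pkg:npm/qs@6.11.0", "dependsOn": []},
    ],
})


def _reachable(graph, start):
    """Every ref reachable from start via dependsOn edges (BFS, cycle-safe)."""
    seen, queue = set(), deque(graph.get(start, []))
    while queue:
        ref = queue.popleft()
        if ref in seen:
            continue
        seen.add(ref)
        queue.extend(graph.get(ref, []))
    seen.discard(start)  # a library is not its own transitive dependency
    return seen


def classify_libraries(sbom_json):
    """Return {library name: {"type": ..., "direct_name": [...]}}.

    type is "direct", "transitive", "both", or "unreferenced" (listed in
    components but absent from the dependency graph). direct_name lists the
    direct libraries whose dependency trees contain the library, i.e. the
    column of the same name in the Libraries tab.
    """
    bom = json.loads(sbom_json)
    graph = {d["ref"]: list(d.get("dependsOn", [])) for d in bom.get("dependencies", [])}
    names = {c["bom-ref"]: c["name"] for c in bom.get("components", [])}
    root = bom["metadata"]["component"]["bom-ref"]
    direct = set(graph.get(root, []))

    # pulled_in_by[ref] = set of direct libraries through which ref is reached
    pulled_in_by = {}
    for d in direct:
        for ref in _reachable(graph, d):
            pulled_in_by.setdefault(ref, set()).add(d)

    result = {}
    for ref, name in names.items():
        parents = pulled_in_by.get(ref, set())
        if ref in direct and parents:
            kind = "both"
        elif ref in direct:
            kind = "direct"
        elif parents:
            kind = "transitive"
        else:
            kind = "unreferenced"
        result[name] = {"type": kind, "direct_name": sorted(names.get(p, p) for p in parents)}
    return result


if __name__ == "__main__":
    for name, info in classify_libraries(SAMPLE_SBOM).items():
        print(f"{name:12} {info['type']:12} via {', '.join(info['direct_name']) or '-'}")
```

Running it on the constructed SBOM reports express and lodash as direct, body-parser as transitive via express, and qs as both, which is the same three-way split the Type filter offers. A library that is "both" is worth attention when triaging: upgrading the direct pin alone does not help if an older copy is still reached through another direct library.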

image-20250506-075817.png

Note: The Actions menu in the Libraries table allows you to suppress and unsuppress findings, but does not contain the option to create a Jira issue.

Findings

When reviewing an application or project’s dependencies in the Mend AppSec Platform, you will often want to switch to the Findings tab, to see all the detected findings in a table. This is called the Findings Table.

image-20250307-105835.png

The Findings Table

You can select which columns to display in the table using the Columns menu on the right:

image-20250307-110201.png

Each finding is displayed in a separate line. Clicking the value in each column will reveal additional information pertaining to that column.
For example:
Clicking the Project value will take you to the Project Summary page of the project containing the relevant finding.
Clicking the finding itself (the CVE) will spawn a side-panel containing additional information about the finding.

Note: The Actions menu in the Findings table allows you to suppress and unsuppress findings, but does not contain the option to create a Jira issue.

The Finding Side-Panel

Clicking the CVE itself will spawn a side-panel on the right, containing 3 tabs: Overview, Remediation, Risk.

The Overview Tab

The Overview tab is the default tab for a finding. It contains detailed information about the CVE, grouped into the Security Overview, CVE Information, CVSS Score and References collapsible sections.

image-20250307-112322.png

The Overview tab (all sections collapsed)

image-20250307-112418.png

The Overview tab - Security Overview and CVE Information

image-20250307-113043.png

The Overview tab - CVSS Score and References

The Remediation Tab

The Remediation tab contains information about the Recommended Fix, often in the form of an upgrade path for the vulnerable library in question:

image-20250307-113445.png

The Risk Tab

The Risk tab contains information about Risk factors such as exploitability:

image-20250307-113429.png

Suppress a Finding

The Suppress and Unsuppress actions available from the Actions menu in the Findings table are also available in the finding side-panel, as depicted below.

image-20250506-084905.png

While suppressing a finding, it is recommended to add a Suppress reason:

image-20250506-090834.png

You can opt for one of the pre-defined Suppress reasons. Opting for “Other” enables you to add a comment, which will be visible under the Comment column. This column is not displayed by default and should be added to the table using the Columns menu at the right edge of the table.

image-20250506-085911.png

Note: The Suppress reason will be visible in the VEX section of the CycloneDX SBOM report.
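Because the Suppress reason ends up in the VEX section of the exported CycloneDX SBOM, suppressions can be audited outside the UI. The following is an added example, not code from the page or from Mend: it reads the `vulnerabilities` section of a constructed CycloneDX 1.5 document, lists every finding whose `analysis.state` marks it as dismissed, and flags suppressions that carry no reason. The `state`, `justification` and `detail` field names come from the CycloneDX vulnerability schema; the exact way Mend maps a chosen Suppress reason or free-text comment onto those fields is assumed here, and the CVE identifiers in the sample are placeholders.

```python
"""Audit the VEX analysis in a CycloneDX SBOM: which findings are
suppressed, with what reason, and which suppressions carry no reason."""
import json

# CycloneDX analysis.state values that mean the finding was dismissed.
SUPPRESSED_STATES = {"not_affected", "false_positive"}

# Constructed CycloneDX 1.5 document (not a Mend export). CVE ids are
# placeholders; the mapping of a UI Suppress reason onto
# analysis.justification / analysis.detail is an assumption.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"bom-ref": "pkg:npm/qs@6.11.0", "type": "library", "name": "qs", "version": "6.11.0"},
    ],
    "vulnerabilities": [
        {   # suppressed with a pre-defined reason and a comment
            "id": "CVE-0000-0001",
            "affects": [{"ref": "pkg:npm/qs@6.11.0"}],
            "analysis": {"state": "not_affected", "justification": "code_not_reachable",
                         "detail": "The vulnerable parser is never invoked by this service."},
        },
        {   # suppressed, but no reason recorded
            "id": "CVE-0000-0002",
            "affects": [{"ref": "pkg:npm/qs@6.11.0"}],
            "analysis": {"state": "false_positive"},
        },
        {   # still open: no analysis block at all
            "id": "CVE-0000-0003",
            "affects": [{"ref": "pkg:npm/qs@6.11.0"}],
        },
    ],
})


def audit_vex(sbom_json):
    """Return {"suppressed": [entries], "missing_reason": [ids], "open": [ids]}."""
    bom = json.loads(sbom_json)
    names = {c["bom-ref"]: c["name"] for c in bom.get("components", [])}
    report = {"suppressed": [], "missing_reason": [], "open": []}
    for vuln in bom.get("vulnerabilities", []):
        analysis = vuln.get("analysis", {})
        state = analysis.get("state")
        libs = sorted(names.get(a["ref"], a["ref"]) for a in vuln.get("affects", []))
        entry = {
            "id": vuln.get("id"),
            "libraries": libs,
            "state": state,
            "justification": analysis.get("justification"),
            "detail": analysis.get("detail"),
        }
        if state in SUPPRESSED_STATES:
            report["suppressed"].append(entry)
            # A suppression with neither a justification nor free text cannot
            # be reviewed later; surface it as an audit gap.
            if not (entry["justification"] or entry["detail"]):
                report["missing_reason"].append(entry["id"])
        else:
            report["open"].append(entry["id"])
    return report


if __name__ == "__main__":
    result = audit_vex(SAMPLE_SBOM)
    for e in result["suppressed"]:
        print(f"{e['id']} on {', '.join(e['libraries'])}: {e['state']} "
              f"({e['justification'] or 'no justification'}) {e['detail'] or ''}")
    print("suppressed without a reason:", result["missing_reason"])
    print("open:", result["open"])
```

Running this over SBOM exports on a schedule turns the VEX section into a review log: a suppression that lands in `missing_reason` is one that was made without a Suppress reason or comment and should be revisited or re-suppressed with one.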
