Researching your issues

Once you've identified that a project includes issues, you will want to investigate those issues to determine a course of action. 

• From the SOOS Developer Dashboard, select any project displaying issues to access the full list of issues identified.
  
• Locate the issue you want to address and click to expand the issue details.
• When researching an issue for an SCA scan, you will be given the following information:
  • Identity of the issue
  • When and where the issue was identified
  • The severity of the issue
  • In which package and manifest the issue was identified 
    • Including direct links to the Dependency tab
  • A Research button linking to the Vulnerability Detail page to learn more about the identified vulnerability.
    • Vulnerability Detail pages are available only for CVE vulnerabilities.  Policy violations, typos, and substitutions all display a list of reference links for further research.
  • The recommended solution for mitigation and details needed to make the recommended fix.
• DAST scan issue details will display the following for each web vulnerability:
  • CWE associated with the vulnerability
  • When and where the issue was identified
  • The severity of the issue
  • A list of references providing additional information about the web vulnerability
  • The recommended solution for mitigation
  • In which endpoints within the application the vulnerability is found.
  • Evidence and parameter values
  • Request and response headers 
  • The curl command to reproduce the request
    
• Suppressing an issue allows you to remove issues from the Open Issues that do not need to be immediately remediated. Read more about Suppressed Issues here.
• Depending on your third party integrations, tickets can be created in JIRA, Azure DevOps, or GitHub, and/or pull requests can be sent to GitHub. 

Refer to our Fixing your issues article for more about creating fix tickets and pull requests.