Once you've identified that a project includes issues, you will want to investigate those issues to determine a course of action.
- From the SOOS Developer Dashboard, select any project displaying issues to access the full list of issues identified.
- Locate the issue you want to address and click to expand the issue details.
- When researching an issue for an SCA scan, you will be given the following information:
- Identity of the issue
- When the issue was identified
- The severity of the issue
- In which package and manifest the issue was identified
- Including direct links to the Dependency tab
- A Research button linking to the Vulnerability Detail page to learn more about the identified vulnerability.
- Vulnerability Detail pages are available only for CVE vulnerabilities. Policy violations, typos, and substitutions all display a list of reference links for further research.
- The recommended solution for mitigation and details needed to make the recommended fix.
- DAST scan issue details will display the following for each web vulnerability:
- CWE associated with the vulnerability
- When the issue was identified
- The severity of the issue
- A list of references providing additional information about the web vulnerability
- The recommended solution for mitigation
- In which endpoints within the application the vulnerability is found.
- Evidence and parameter values
- Request and response headers
- The curl command to reproduce the request
- Suppressing an issue allows you to ignore it for a period of time, from one day to forever. Read more about Suppressed Issues here.
- Depending on your third party integrations, tickets can be created in either JIRA or GitHub issues, and/or pull requests can be sent to GitHub.
Refer to our Fixing your issues article for more about creating fix tickets and pull requests.
Can't find what you're looking for?