Once you've identified that a project includes issues, you will want to investigate those issues to determine a course of action. 

 

  1. From the SOOS Developer Dashboard, select any project displaying issues to access the full list of issues identified.
  2. Locate the issue you want to address and click to expand the issue details.
  3. When researching an issue for an SCA scan, you will be given the following information:
    • Identity of the issue
    • When the issue was identified
    • The severity of the issue
    • In which package and manifest the issue was identified 
      • Including direct links to the Dependency tab
    • A Research button that links to the Vulnerability Detail page, where you can learn more about the identified vulnerability.
      • Vulnerability Detail pages are available only for CVE vulnerabilities. Policy violations, typos, and substitutions all display a list of reference links for further research.
    • The recommended solution for mitigation and details needed to make the recommended fix.
  4. DAST scan issue details will display the following for each web vulnerability:
    • CWE associated with the vulnerability
    • When the issue was identified
    • The severity of the issue
    • A list of references providing additional information about the web vulnerability
    • The recommended solution for mitigation
    • In which endpoints within the application the vulnerability is found.
    • Evidence and parameter values
    • Request and response headers 
    • The curl command to reproduce the request
  5. Suppressing an issue allows you to ignore it for a period of time, from one day to forever. Read more about Suppressed Issues here.
  6. Depending on your third-party integrations, you can create tickets in either JIRA or GitHub Issues, and/or send pull requests to GitHub.

Refer to our Fixing your issues article for more about creating fix tickets and pull requests.