Once you've identified that a project includes issues, you will want to investigate those issues to determine a course of action.
- From the SOOS Developer Dashboard, select any project displaying issues to access the full list of issues identified.
- Locate the issue you want to address and click to expand the issue details.
- When researching an issue from an SCA scan, you will be given the following information:
  - Identity of the issue (with 'exploitable' and 'fixes available' indicators, if applicable)
  - When and where the issue was identified
  - When the vulnerability will fall out of compliance if it isn't fixed within the designated amount of time
  - The severity of the issue
  - In which package and manifest the issue was identified
    - Including direct links to the Dependency tab
  - A Research button linking to the Vulnerability Detail page to learn more about the identified vulnerability.
    - Vulnerability Detail pages are available only for CVE vulnerabilities. Policy violations, typos, and substitutions instead display a list of reference links for further research.
  - The recommended solution for mitigation and the details needed to make the recommended fix.
- DAST scan issue details will display the following for each web vulnerability:
  - The CWE associated with the vulnerability
  - When and where the issue was identified
  - The severity of the issue
  - A list of references providing additional information about the web vulnerability
  - The recommended solution for mitigation
  - In which endpoints within the application the vulnerability is found
  - Evidence and parameter values
  - Request and response headers
  - The curl command to reproduce the request
- Suppressing an issue removes it from the Open Issues list when it does not need to be remediated immediately. Read more about Suppressed Issues here.
- Depending on your third party integrations, tickets can be created in JIRA, Azure DevOps, or GitHub, and/or pull requests can be sent to GitHub.
Refer to our Fixing your issues article for more about creating fix tickets and pull requests.