FAQ

My Vulnerability Doesn't Have a Fix Available


Occasionally, a vulnerability is found for which no newer, vulnerability-free version is available to upgrade to.

Research the Vulnerability

Use the SOOS Vulnerability Research pages to determine the best course of action.

Use the information provided in the Vulnerability Description and References sections to determine an appropriate course of action to make your own correction in your project. This may involve self-selecting a different package as a replacement, or making customizations to the selected package to remedy any identified vulnerabilities.

Attest, Suppress, Snooze, or Waive the Vulnerability

Depending on the urgency of the vulnerability and/or the development stage of your project, you may decide to suppress the issue temporarily or even permanently. In some cases you may choose to suppress with an attestation if the issue is a false positive, or your code is deemed not vulnerable. Use the Creating Issue Suppressions & Attestations page to determine the appropriate type of suppression.