Reviewing Security Issues

We’ve updated our global, project, and release group Issues view to improve experience and functionality. This is the central inbox for all issues across all projects or all issues within a specific project.

From the main Issues tab, you can navigate to your Security Issues.

In this article, you learn about filtering and sorting options. As well as, bulk actions you can take to address the identified issues.

🚧

TIP

You can refer to Creating Tickets and Ignoring Issues for more information on completing bulk actions.

Regardless of the type of issue you are reviewing, all issues are automatically filtered into two tabs:

  • Active - All issues that require additional attention
  • Ignored - Issues that have been reviewed and ignored

Filtering Options

You now have the ability to use filters to refine your search.

Filter Groups

Depth

Filter TypeDescription
DirectFilter issues that are direct dependencies.
TransitiveFilter issues that are transitive dependencies.

Ticket

Filter TypeDescription
TicketedFilter issues that already have a ticket associated.
Not TicketedFilter issues that have no associated tickets.

Severity

Filter TypeDescription
CriticalFilter Security issues that have CVSS score 9-10
HighFilter Security issues that have CVSS score 7-8.9
MediumFilter Security issues that have CVSS score 4-6.9
LowFilter Security issues that have CVSS score 0.1-3.9
UnknownFilter Security issues that do not have a CVSS score

Fix Available

Filter TypeDescription
Has FixFilter Security issues that have either a Partial or Complete fix
No FixFilter Security issues that do not currently have a known safe version

📘

NOTE

Partial Fix - Nearest update to fix the selected CVE. This fix may not resolve all vulnerabilities.

Complete Fix - Nearest update to fix all vulnerabilities found on this dependency

Ignored Type

Please see auto-ignored section for more details

Filter typeDescription
ManualAn issue ignored manually by the user
Auto-ignoredAn issue ignored via "auto-ignore in all versions"

📘

NOTE

You can select Reset all filters to remove existing filters at any time to display all identified issues.

Sorting Options

Depending on the number of issues that are listed in your central inbox, it is helpful to sort issues based on specific criteria to support your remediation process. You can sort Issues based on:

  • When the Issue was found by FOSSA (newest to oldest or oldest to newest)
  • The package name (ascending or descending alphabetical order)
  • The severity of the listed issue (highest to lowest or lowest to highest)

Issue Actions

You can initiate actions by selecting the checkbox next to any issue, giving you access to the action menu.

❗️

Important

Available actions will depend on product type (licensing, security, quality), issue status (active, ignored), issue scope (global, release group, project), and action type (individual, bulk). Please see the table below for a detailed breakdown.

ActionDescriptionAction type(s)Product type(s)Issue statusIssue scope(s)
Ignore (in current versions only)Ignore the selected issue(s) for the current semantic version of the affected package. Doing so will ignore in only the selected, affected project(s).

A new project revision containing any other semantic version of the package will generate a new active issue.
individual, bulklicensing, security, qualityactiveglobal, release group, project
Ignore (Auto-ignore in all versions)only available for individual project issues

Ignore the detected issue for all semantic versions of the affected package. Doing so will ignore in only the selected, affected project.

Doing so will only apply to the selected issue type (Denied/Flagged license or a CVE)

A new project revision containing any other semantic version of the package will be auto-ignored. Please see the auto-ignored section for full details.
individuallicensing, securityactiveproject
Create ticketCreate a ticket (JIRA) containing all selected issues. Please see Creating a Jira Ticket for full usage and configuration details.

Doing so with a previously ticketed issue(s) selected will link to the new ticket only.
individual, bulklicensing, security, qualityactive, ignoredglobal, release group, project
Unlink ticketRemove the association between the selected issue(s) and any linked tickets.individual, bulklicensing, security, qualityactive, ignoredglobal, release group, project
Download CSVDownload a csv containing all selected issues scoped by issue status(active or ignored)individual, bulklicensing, security, qualityactive, ignoredglobal, release group, project
UnignoreChange selected issue(s) status from ignored to active.

Note doing so will not end any existing auto-ignore rules. Please see the auto-ignore section for more details on stopping auto-ignore rules.
individual, bulklicensing, security, qualityignoredglobal, release group, project

Bulk Actions

You can action more than one issue at a time across all affected projects by using the select all or checking the boxes of the applicable issues in the global issues view.

❗️

IMPORTANT

This functionality replaces the Resolve in All Projects option when ignoring an issue in a particular project and the issue is found in other projects.

❗️

IMPORTANT

By selecting the bulk action checkbox, it automatically selects all the issues listed on the page. To select all the applicable issues, you must click the Select all link that displays in green.